Passing unique value to PAM

From: Sam Watters (watters_at_sgi.com)
Date: 11/07/05

    Date: Mon, 07 Nov 2005 11:45:14 -0600
    To: secureshell@securityfocus.com
    
    

    Need suggestions for the following problem:

    On host A I have a serialnumber. I am launching a remote execution on
    host B. There is a pam module on host B that needs that serialnumber to
    properly configure the environment for the remote execution, and this
    configuration needs to be done as UID=0.

    I've tried the following:

    1. Pass serialnumber via TERM - problem: TERM not yet available to
    module via pam_getenv().

    2. Run a program to hand-off the data. This involves forking a child
    from pam module, but env variable is set to so that parent and child
    will have a known rendezvous on a local socket. The child waits on the
    socket (it is UID=0). The parent continues through sshd processing,
    runs a program that then talks to the child on the known local socket to
    send the serialnumber it was provided via its command line from the ssh
    client on host A.

    The child uses that serialnumber to figure out how to configure the
    environment and then sets UID to the proper user & forks/execs the
    desired program.

    Problem: the child running the desired program skips out of ssh
    processing. Seems like a bad thing.

    ...

    So, is there any way to communicate a unique value from the ssh client
    host to the PAM module being executed by the sshd server? The
    serialnumber is unique to the remote execution I am trying to launch.

    Thanks

    -- 
    Sam Watters
    SGI
    watters@sgi.com
    
