Passing unique value to PAM
From: Sam Watters (watters_at_sgi.com)
Date: Mon, 07 Nov 2005 11:45:14 -0600
To: firstname.lastname@example.org

Need suggestions for the following problem:
On host A I have a serialnumber. I am launching a remote execution on
host B. There is a pam module on host B that needs that serialnumber to
properly configure the environment for the remote execution, and this
configuration needs to be done as UID=0.
I've tried the following:
1. Pass serialnumber via TERM - problem: TERM not yet available to
module via pam_getenv().
2. Run a program to hand-off the data. This involves forking a child
from pam module, but env variable is set to so that parent and child
will have a known rendezvous on a local socket. The child waits on the
socket (it is UID=0). The parent continues through sshd processing,
runs a program that then talks to the child on the known local socket to
send the serialnumber it was provided via its command line from the ssh
client on host A.
The child uses that serialnumber to figure out how to configure the
environment and then sets UID to the proper user & forks/execs the
Problem: the child running the desired program skips out of ssh
processing. Seems like a bad thing.
So, is there any way to communicate a unique value from the ssh client
host to the PAM module being executed by the sshd server? The
serialnumber is unique to the remote execution I am trying to launch.
-- Sam Watters SGI email@example.com