Skip to main content
Unix & Linux

You are not logged in. Your edit will be placed in a queue until it is peer reviewed.

We welcome edits that make the post easier to understand and more valuable for readers. Because community members review edits, please try to make the post substantially better than how you found it, for example, by fixing grammar or adding additional resources and hyperlinks.

Required fields*

3
  • This does not answer my question as I am still accessing the existing C PAM functions. The ones detailed at the Linux PAM application developer guide which should let you implement programs like 'su' So I don't have to have access to the authentication data as far as I am aware, because how could the program as I have it now authenticate one user but not all others if I had no access at all? You are however correct in not not assigning the process root privileges, which is exactly why I am implementing PAM. Commented Mar 1, 2013 at 14:21
  • @Zimrilim I added the correct reason to the answer why a user can authenticate himself. But except of this, already the developer guide says what I answered: "PAM modules generally have no increased privilege over that possessed by the application that is making use of it.". Please note that all programs that can authenticate have a SETUID/SETGID flag set or run as root like the ssh daemon. Commented Mar 2, 2013 at 23:29
  • 1
    My apologies. I feel really stupid for having overlooked this. I did get the impression from the manuals and explanations that I found that you didn't need to have a separate part of the program with heightened permissions to authenticate any user. With this though it is perfectly clear now. Thank you. Commented Mar 7, 2013 at 9:22