diff options
| author | Thorsten Kukuk <kukuk@thkukuk.de> | 2006-08-29 16:21:31 +0000 |
|---|---|---|
| committer | Thorsten Kukuk <kukuk@thkukuk.de> | 2006-08-29 16:21:31 +0000 |
| commit | 338f579d2d3a27de21f4d4ca32d031ff513a5d3c (patch) | |
| tree | 564a8181c5064c76eae7b6e340a1da48017291b1 /modules/pam_loginuid/README | |
| parent | 02bb68f7d71b19461087a51f872a21cf682bd608 (diff) | |
Relevant BUGIDs:
Purpose of commit: new feature
Commit summary:
---------------
As discussed with Tomas I'm adding the pam_loginuid module from RH
to make the SELinux/Audit stack complete:
2006-08-29 Thorsten Kukuk <kukuk@thkukuk.de>
* doc/sag/pam_loginuid.xml: New.
* doc/sag/Linux-PAM_SAG.xml: Include pam_loginuid.xml.
* configure.in: Add modules/pam_loginuid/Makefile.
* modules/Makefile.am: Add pam_loginuid sub directory.
* libpam/pam_static_modules.h: Add pam_loginuid.
* modules/pam_loginuid/Makefile.am: New.
* modules/pam_loginuid/tst-pam_loginuid: New.
* modules/pam_loginuid/pam_loginuid.8.xml: New.
* modules/pam_loginuid/pam_loginuid.8: New, generated from XML source.
* modules/pam_loginuid/pam_loginuid.c: New.
* modules/pam_loginuid/README.xml: New.
* modules/pam_loginuid/README: New, generated from XML source.
Diffstat (limited to 'modules/pam_loginuid/README')
| -rw-r--r-- | modules/pam_loginuid/README | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/modules/pam_loginuid/README b/modules/pam_loginuid/README new file mode 100644 index 00000000..c8b0eb00 --- /dev/null +++ b/modules/pam_loginuid/README @@ -0,0 +1,29 @@ +pam_loginuid — Record user's login uid to the process attribute + +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + +DESCRIPTION + +The pam_loginuid module sets the loginuid process attribute for the process +that was authenticated. This is necessary for applications to be correctly +audited. This PAM module should only be used for entry point applications like: +login, sshd, gdm, vsftpd, crond, at, and remote. There are probably other entry +point applications besides these. You should not use it for applications like +sudo or su as that defeats the purpose by changing the loginuid to the account +they just switched to. + +EXAMPLES + +#%PAM-1.0 +auth required pam_unix.so +auth required pam_nologin.so +account required pam_unix.so +password required pam_unix.so +session required pam_unix.so +session required pam_loginuid.so + + +AUTHOR + +pam_loginuid was written by Steve Grubb <sgrubb@redhat.com> + |