1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
|
pam_xauth:
Forward xauth cookies from user to user, normally used by su, sudo, or
userhelper.
Primitive access control is provided by ~/.xauth/export in the invoking
user's home directory and ~/.xauth/import in the target user's home
directory.
If a user has a ~/.xauth/import file, the user will only receive cookies
from users listed in the file. If there is no ~/.xauth/import file,
the user will accept cookies from any other user.
If a user has a .xauth/export file, the user will only forward cookies
to users listed in the file. If there is no ~/.xauth/export file, and
the invoking user is not "root", the user will forward cookies to
any other user. If there is no ~/.xauth/export file, and the invoking
user is "root", the user will NOT forward cookies to other users.
Both the import and export files support wildcards (such as "*"). Both
the import and export files can be empty, signifying that no users are
allowed.
RECOGNIZED ARGUMENTS:
debug write debugging messages to syslog
xauthpath= the path to the xauth program, by default
/usr/X11R6/bin/xauth
systemuser= highest user id assigned to system users, defaults
to 499 (pam_xauth will refuse to forward creds to
target users with id equal to or below this number,
except for root and possibly another specified user)
targetuser= a target user id which is excepted from the systemuser
checks
MODULE SERVICES PROVIDED:
session open session copies xauth cookie to new user
close session deletes copied xauth cookie
AUTHOR:
Nalin Dahyabhai <nalin@redhat.com>, based on original version by
Michael K. Johnson <johnsonm@redhat.com>
|