[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: pam_console for debian



On Wed, Jul 24, 2002 at 11:58:27PM +0200, Bas Zoetekouw wrote:
> Hi Sebastien!
> 
> You wrote:
> 
> >  One solution is to use pam_group to add a user to a special, and
> > ususaly empty, group if he's loggued on the :0 display.
> 
> That makes no sense. User logs in behind the console, and is put in the
> group. User makes a g+s zsh-with-camera-access binary and puts it in
> ~/bin. After that, he'll always have access to the camera.

I got your point, which is if I understand correctly is that we can't
grant to a user a membership to a group in a temporary basis. If he is
smart enough, he can do what necessary to stay (illegallly) in the
group. 

> With other words: pam_console is only for clueless admins and Redhat
> users.

But the whole point of pam_console is to know which user is in front of
the computer so we can give access to him and only him. Is there a flaw
here ?

Christophe

-- 
Christophe Barbé <christophe.barbe@ufies.org>
GnuPG FingerPrint: E0F6 FADF 2A5C F072 6AF8  F67A 8F45 2F1E D72C B41E

Dogs come when they're called;
cats take a message and get back to you later. --Mary Bly

Attachment: pgpeRbLmj1ugD.pgp
Description: PGP signature


Reply to: