[Linux dev] Re: PAM applications

Oskar Pearson on Tue, 25 Feb 2003 19:06:49 +0200 (SAST)

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Linux dev] Re: PAM applications

To: Allen Van Der Ross <allen@xxxxxxxxxxxx>
Subject: [Linux dev] Re: PAM applications
From: oskar@xxxxxxxxxxx (Oskar Pearson)
Date: Tue, 25 Feb 2003 19:01:50 +0200
Cc: Linux Dev List <dev@xxxxxxxxxxxx>
In-reply-to: <1046191604.17048.49.camel@condor.spi.co.za>
References: <1046191604.17048.49.camel@condor.spi.co.za>
Reply-to: oskar@xxxxxxxxxxx
Sender: dev-bounce@xxxxxxxxxxxx
User-agent: Mutt/1.3.28i

Hi

> I'm just wondering why there is no man page for
> pam_acct_mgmt(3) on Linux (I use RH7.3), but there
> is one for HP-UX and Solaris.

Not sure.

> Although the function is defined in <security/pam_appl.h>
> and when used it works fine.
> 
> Also, I've read docs that say that when PAM_UNIX is
> NOT defined, some applications will use their default
> (read previous) manner of auth etc.but I fail to 
> understand where and how PAM_UNIX is defined?

I don't believe that this is a 'standard' thing. You'll
probably find that the application in question (the one
who's docs you were reading) has sections of code that
will be included if PAM_UNIX is defined, otherwise it
will revert to the standard getpwent() type functions.

I base this mostly on the results of this, which indicates
that (1) there are pam include files on my machine, and (2)
no files in /usr/include have the text PAM_UNIX in them.

oskar@devlin1:/usr/include$ find . -type f -print | grep -i security.*pam
./security/_pam_compat.h
./security/_pam_macros.h
./security/_pam_types.h
./security/pam_appl.h
./security/pam_client.h
./security/pam_filter.h
./security/pam_misc.h
./security/pam_modules.h
oskar@devlin1:/usr/include$ find . -type f -print | xargs grep PAM_UNIX
oskar@devlin1:/usr/include$

If you look at the code of the relevant program, there's probably
some sort of main.h or options.h include file that contains the
PAM_UNIX define. You can use the latter command above to find it.
It'll probably have something like this (give or take..):

/* use pam, comment out to use standard unix calls */
#define PAM_UNIX 1

If you comment that out, make clean and then recompile, it will
probably not use pam.

They could also have something sort of argument set to the
compiler in Makefile or similar, which does something
like this:

CFLAGS = -DPAM_UNIX

(That's from memory; not sure that it'll be CFLAGS..)

If you remove the -DPAM_UNIX, make clean, and then make again,
it'll probably then use the original getpwent() type calls
or similar.

Hope that I'm not telling you stuff you already know.

Oskar
--
Oskar Pearson <oskar@xxxxxxxxxxx>
Qualica Technologies (Pty) Ltd
web: http://www.qualica.com/

References:
- [Linux dev] PAM applications
  - From: Allen Van Der Ross

Prev by Date: [Linux dev] PAM applications
Next by Date: [Linux dev] Flowcharting C code
Previous by thread: [Linux dev] PAM applications
Next by thread: [Linux dev] Flowcharting C code
Index(es):
- Date
- Thread