Re: Place to call pam_loginuid in the pam session stack

On Tuesday, April 22, 2014 07:30:44 PM Laurent Bigonville wrote: > Hello, > > This is maybe a dumb question, but is there any preferred place in the > pam session stack to call pam_loginuid? > > Is it preferable to call it just after "pam_selinux close" or is any > place OK? I guess the sooner the better so the needed information are > present to audit what the other pam modules are doing? I think that as long as its set before a user can cause any action to occur on their behalf is all that is required. If there is a pam module that looks in a user's home directory for settings and then does something based on that, then you'd need to set it before that module. -Steve -- Linux-audit mailing list Linux-audit(a)redhat.com https://www.redhat.com/mailman/listinfo/linux-audit