Re: Place to call pam_loginuid in the pam session stack
On Tuesday, April 22, 2014 07:30:44 PM Laurent Bigonville wrote:
Hello,
This is maybe a dumb question, but is there any preferred place in the
pam session stack to call pam_loginuid?
Is it preferable to call it just after "pam_selinux close" or is any
place OK? I guess the sooner the better so the needed information are
present to audit what the other pam modules are doing?
I think that as long as its set before a user can cause any action to occur on
their behalf is all that is required. If there is a pam module that looks in a
user's home directory for settings and then does something based on that, then
you'd need to set it before that module.
-Steve