Network Security Secure-Shell

Passing unique value to PAM

Subject: Passing unique value to PAM
Date: Mon, 07 Nov 2005 11:45:14 -0600
Need suggestions for the following problem:

On host A I have a serialnumber. I am launching a remote execution on host B. There is a pam module on host B that needs that serialnumber to properly configure the environment for the remote execution, and this configuration needs to be done as UID=0.

I've tried the following:

1. Pass serialnumber via TERM - problem: TERM not yet available to module via pam_getenv().

2. Run a program to hand-off the data. This involves forking a child from pam module, but env variable is set to so that parent and child will have a known rendezvous on a local socket. The child waits on the socket (it is UID=0). The parent continues through sshd processing, runs a program that then talks to the child on the known local socket to send the serialnumber it was provided via its command line from the ssh client on host A.

The child uses that serialnumber to figure out how to configure the environment and then sets UID to the proper user & forks/execs the desired program.

Problem: the child running the desired program skips out of ssh processing. Seems like a bad thing.

...

So, is there any way to communicate a unique value from the ssh client host to the PAM module being executed by the sshd server? The serialnumber is unique to the remote execution I am trying to launch.

Thanks

--
Sam Watters
SGI
watters@sgi.com
