Hello all,
I'm working on a PAM module that would require a second username and
password to execute a command via sudo. I have the basic pieces in
place, but when the second user authenticates, they authenticate against
the system properly, but not against sudo itself... I'm wondering if
there's something simple I'm missing to make this happen.
code snippet (this is immediately after the first user's authentication
is successful):
pam_handle_t * pamh2 = NULL;
const char* pUsername2 = NULL;
status = pam_start("2man", pUsername2, &conv, &pamh2);
if (status == PAM_BUF_ERR) printf("start: PAM_BUF_ERR\n");
else if (status == PAM_CONV_ERR) printf("start: PAM_CONV_ERR\n");
else if (status == PAM_SYSTEM_ERR) printf("start: PAM_SYSTEM_ERR\n");
status = pam_get_user(pamh2, &pUsername2, NULL);
if (status == PAM_BUF_ERR) printf("get: PAM_BUF_ERR\n");
else if (status == PAM_CONV_ERR) printf("get: PAM_CONV_ERR\n");
else if (status == PAM_SYSTEM_ERR) printf("get: PAM_SYSTEM_ERR\n");
status = pam_authenticate(pamh2, 0);
if (status != PAM_SUCCESS) {
printf("could not successfully authenticate the second user\n");
return status;
} else {
printf("successfully auth'd %s as second auth\n", pUsername2);
}
Thanks in advance for any suggestions.
mt
Show replies by date