On Sat, Apr 14, 2001 at 07:51:56PM +1000, Brian May wrote: > >>>>> "Wichert" == Wichert Akkerman <wichert@cistron.nl> writes: > > Wichert> Previously Brian May wrote: > >> I don't suppose there is anyway of saying "skip the next rule > >> if this one succeeds" is there? > > Wichert> Not as far as I know; it would be a very useful extension > Wichert> though. > > I can't help but think that the current method is very inflexible. there was some talk about a `if then else' system to pam a few monthes ago on the pam list, i am not sure if anything ever really came of it. > For instance, something like this would be totally impossible > (although maybe this is beyond the capabilities of PAM too): > > > if (auth pam_unix) { > session pam_unix > account pam_unix > password pam_unix > } else if (auth pam_ldap) { > session pam_ldap > account pam_ldap > password pam_ldap > } else { ??? > session pam_deny > account pam_deny > password pam_deny > } this looks very similar to some of the ideas discussed on the pam list. you may want to look at the pam-list archives. -- Ethan Benson http://www.alaska.net/~erbenson/
Attachment:
pgpE_WBf4rL73.pgp
Description: PGP signature