On Sat, Apr 14, 2001 at 07:51:56PM +1000, Brian May wrote:
> >>>>> "Wichert" == Wichert Akkerman <wichert@cistron.nl> writes:
>
> Wichert> Previously Brian May wrote:
> >> I don't suppose there is anyway of saying "skip the next rule
> >> if this one succeeds" is there?
>
> Wichert> Not as far as I know; it would be a very useful extension
> Wichert> though.
>
> I can't help but think that the current method is very inflexible.
there was some talk about a `if then else' system to pam a few monthes
ago on the pam list, i am not sure if anything ever really came of
it.
> For instance, something like this would be totally impossible
> (although maybe this is beyond the capabilities of PAM too):
>
>
> if (auth pam_unix) {
> session pam_unix
> account pam_unix
> password pam_unix
> } else if (auth pam_ldap) {
> session pam_ldap
> account pam_ldap
> password pam_ldap
> } else { ???
> session pam_deny
> account pam_deny
> password pam_deny
> }
this looks very similar to some of the ideas discussed on the pam
list.
you may want to look at the pam-list archives.
--
Ethan Benson
http://www.alaska.net/~erbenson/
Attachment:
pgpE_WBf4rL73.pgp
Description: PGP signature