[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: severe deficiencies in our PAM setup

On Sat, Sep 23, 2000 at 09:04:50PM -0400, Greg Stark wrote:
> 2) A more comlicated but more powerful solution would be some way to define
>    pseudo services like "standard" which can be specified as a module for
>    other routines. Then we could prescribe that all services ship with the
>    default being to inherit the standard authentication unless there's special
>    requirements for it.
>    I wonder if this can be implemented in pam without modifying the standard,
>    all we need is a pam_inherit.so with an argument like "parent=foo" whch
>    calls pam recusively with the service name "foo"

there was recently some discussion on the pam list about making a
include type statement available.

> I think I would lean to the former, it's simpler and nearly good enough. I'm
> not sure every module's current configuration could be emulated by a single
> "other" configuration though.

i think this is a bad idea.  personally i always change other to
pam_deny so only configured services work.  

Ethan Benson

Attachment: pgpSWVTR_U3iH.pgp
Description: PGP signature

Reply to: