On Sat, Sep 23, 2000 at 09:04:50PM -0400, Greg Stark wrote: > 2) A more comlicated but more powerful solution would be some way to define > pseudo services like "standard" which can be specified as a module for > other routines. Then we could prescribe that all services ship with the > default being to inherit the standard authentication unless there's special > requirements for it. > > I wonder if this can be implemented in pam without modifying the standard, > all we need is a pam_inherit.so with an argument like "parent=foo" whch > calls pam recusively with the service name "foo" there was recently some discussion on the pam list about making a include type statement available. > > I think I would lean to the former, it's simpler and nearly good enough. I'm > not sure every module's current configuration could be emulated by a single > "other" configuration though. i think this is a bad idea. personally i always change other to pam_deny so only configured services work. -- Ethan Benson http://www.alaska.net/~erbenson/
Attachment:
pgpSWVTR_U3iH.pgp
Description: PGP signature