[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: xlockmore (pam)



On Mon, 9 Sep 1996, Erik Troan wrote:

> This may be a better idea for the reasons both you and Ted have pointed
> out. It would be more difficult to work it into the generic PAM scheme
> though. If the "passme" program is considered part of pam_unix.so it's 
> not really a concern though.

How about a daemon called, say, authd ? this will solve the problem with 
multiple runs of the passme binary. We could also use it to impose 
further restrictions (like the operation of the logoutd from the shadow 
suite). Also on a shadowed system there is a concept of shadow groups 
(less used, but very nice, though) - a user is the manager of a group, 
the group have a password, the manager can add users to the group, users 
are required to type the group password to change their primary group, 
etc.

Comments ?

		Cristian Gafton
--
--------------------------------------------------------------------
Cristian Gafton                                    gafton@sorosis.ro
Computers & Communications Center              Network Administrator
35 Moara de Foc St., Iasi 6600, ROMANIA           Tel: +40-32-252938
http://www.cccis.ro                               Fax: +40-32-252933
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
UNIX is user friendly. It's just selective about who its friends are.



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []