[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: An "orthogonal" way of using libpam



Igmar Palsenberg <maillist@jdimedia.nl> wrote:
> Ok.. We want to able to specify where to find the runtime config. 

I can't understand, what you will win with this? What processes it should
affect? It's a good thing, that root can unlock [vx]lock. Otherwise it
must kill the users session if he has locked his session and run away.

And I see two problems with a user config. You can say, if the user is
valid, befor you have checked it. But the way you can check it, it shown
in the config file. And from where the user knows what must stand in the
config file? If your system works with something like ldap or nis, the
user must take the modules for this. Who tells this him? The admin and
thats a great price of work. And your system become insecurer, if
anybody, who doesn't know anything about pam, can configure pam.

The second problem I see, in some environments you can't read the user
files, until the user loged in. An AFS token isn't available, until the
user loged in.

So I only see a possibility for something like [xv]lock with the
disadvantages named above.

Joerg.





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []