[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: An "orthogonal" way of using libpam



> > On Wed, 25 Dec 2002, Joerg Sommer wrote:
> >> Igmar Palsenberg <maillist@jdimedia.nl> wrote:
> > One extra hypothetical but handy example:
> >    - on a restricted machine run one sshd that listens on all
> >      interfaces and uses a restrictive pam setup,
> >      run another one that listens on local interface only
> >      but allows test accounts to start sessions
> > 
> > You can do a similar thing by tweaking sshd_config, but as soon as you
> > have more than one service you would use in that way (xdm? samba? imap?)
> > you may find PAM to be very handy. Even with sshd only, PAM is a way more
> > powerful than sshd_config.
> 
> Now I understand, what you want. But I think, it isn't a task of pam.
> Every application should provide a possibility to set the string passed
> to pam as service_name by pam_start().

That isn't the problem, the problem is that PAM always want's it config in 
/etc/pam.d/x

and the user has no way of changing that location, which in some cases can 
be handy if the user's application wants to do it's own authentication.



	Igmar





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []