[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

pam_login_access vs. pam_access


I have found a module pam_access in Linux-PAM which implements the same 
functionallity like the `original' version of pam_login_access from other 
platforms like Free BSD or OpenBSD. Additionally we use a pam_login_access 
module for Linux on the following sites: TU Chemnitz (Technical 
University Chemnitz, Germany) and LRZ (Leibniz Computing Centre, Munich. 
But there is a problem:
/etc/security/access.conf is used by pam_access as the default 
config file and /etc/login.access is used by pam_login_access. So you 
can't transparently substituted one module through the other.
Additionally the `new' pam_login_access module developed by Thomas Mueller 
(a college from TUC) and me provides enhancements for example like:
 * convert hostname to ip address support
 * IPv4(/) IPv6 support
 * network(address) / netmask support
which are not part of the pam_access and the `original' pam_login_access 
module (If you want know more about that please have a look at 
http://www-user.tu-chemnitz.de/~mibe/sw/OpenPBS/home.php3 ).

Now I work on an integration of this module code into Linux-PAM and don't 
know what is the better solution. Is it better to provide an additional 
module pam_login_access with its own code tree, or to enhance existing 
pam_access code with the new features and build two different modules 
at compile time where one will then be pam_access and the second will be 
pam_login_access. What's the consensus?

Best regard,
 Mike Becher                              Mike Becher lrz-muenchen de
 Leibniz-Rechenzentrum der                http://www.lrz.de
 Bayerischen Akademie der Wissenschaften  phone: +49-89-289-28721      
 Gruppe Hochleistungssysteme              fax:   +49-89-280-9460
 Barer Strasse 21                    
 D-80333 Muenchen

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]