[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: pam_access and a .d directory



On Wed, Sep 06, seth vidal wrote:

> Hi,
>  On our systems we use pam_access quite extensively. We have a base-set
> of rules we apply to every server and then some servers require special
> rules. We'd love to be able to use something like:
> 
> /etc/security/access.conf <-- default rules
> /etc/security/access.conf.d/*.conf <-- additional rules concatenated
> onto the end of the whole set.
> 
> Just like with all the other .d directory changes it would allow us to
> drop a file onto the system to let that work w/o having to modify the
> access.conf itself.

The problem is: the order is important, the first matched rule 
found will be used. with a .d directory, you don't have this
control anymore and you can get bad side effects, depending on at
which time which files are created.

  Thorsten

-- 
Thorsten Kukuk         http://www.suse.de/~kukuk/      kukuk suse de
SUSE LINUX Products GmbH       Maxfeldstr. 5       D-90409 Nuernberg
--------------------------------------------------------------------    
Key fingerprint = 8C6B FD92 EE0F 42ED F91A  6A73 6D1A 7F05 2E59 24BB


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]