pam_access and a .d directory
Thorsten Kukuk
kukuk at suse.de
Wed Sep 6 18:26:11 UTC 2006
On Wed, Sep 06, seth vidal wrote:
> Hi,
> On our systems we use pam_access quite extensively. We have a base-set
> of rules we apply to every server and then some servers require special
> rules. We'd love to be able to use something like:
>
> /etc/security/access.conf <-- default rules
> /etc/security/access.conf.d/*.conf <-- additional rules concatenated
> onto the end of the whole set.
>
> Just like with all the other .d directory changes it would allow us to
> drop a file onto the system to let that work w/o having to modify the
> access.conf itself.
The problem is: the order is important, the first matched rule
found will be used. with a .d directory, you don't have this
control anymore and you can get bad side effects, depending on at
which time which files are created.
Thorsten
--
Thorsten Kukuk http://www.suse.de/~kukuk/ kukuk at suse.de
SUSE LINUX Products GmbH Maxfeldstr. 5 D-90409 Nuernberg
--------------------------------------------------------------------
Key fingerprint = 8C6B FD92 EE0F 42ED F91A 6A73 6D1A 7F05 2E59 24BB
More information about the Pam-list
mailing list