
Re: pam_nologin



> Joseph S. D. Yao wrote:
> > It actually does make sense, if you consider that some user or users
> > [root?] may still be authorised to log in while there is a nologin file.
> No, not really.
> At that moment the pam module _knows_ the entered user name,
> so it knows if at least the user _claims_ to be uid=0.
> If the user can be found with uid!=0 or cannot be found at all,
> a text should be displayed, and the login should be finished.

I appear not to have clearly communicated my meaning.

My understanding is that Han Holl complains, when the following occurs:
	- a "nologin" file exists.
	- the computer prompts for a username [logname].
	- a user enters his or her logname.
	- the computer displays the contents of the "nologin" file.
	- the computer states that the login is incorrect.
	- the computer requests another logname.

If the user only has one means of authenticating himself or herself to
the computer, then it is of course meaningless to ask for another
logname.  The user only has one logname to enter, and entering it again
will only result in a repetition of the above scenario.

However, computers are not gifted with the ability to perceive who
exactly might be logging in, or whether that person might have another
logname with which to authenticate.  If, in fact, the user is able to
get in as "root" - or some other ID which the discerning administrator
might be able to set up - then there are instances in which it will be
advantageous to be able to instantly log in again in another persona.

Consider the case in which the "nologin" file is, for whatever reason,
currently installed but should not be.  When I log in as "jsdy", I am
told the message in the "nologin" file, and that my login is incorrect.
I may then instantly log in as "root", if that is allowed in that
condition even though "jsdy" is not, and remove the offending file,
restoring truth, justice, and the Linuxian way.

Aside from the turgid rhetoric [which is partly my way of staying
awake], does this make sense?

Joe Yao				jsdy@cais.com - Joseph S. D. Yao
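
The behaviour debated in this thread, as an added sketch that is not part of the original message and is not pam_nologin's source: once the claimed logname is known, a gate can exempt uid 0 and refuse everyone else with the file's message. The names `nologin_gate` and `enum gate` are hypothetical, and the sketch assumes uid 0 is the only exempt account.

```c
/* Added illustration: a simplified nologin gate, not pam_nologin's code. */
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>

enum gate { GATE_ALLOW = 0, GATE_DENY = 1 };

/* Decide whether `user` may proceed while the file at `path` exists.
 * On GATE_DENY, msg holds the file's contents (truncated to fit) so the
 * caller can display them before refusing the login. */
enum gate nologin_gate(const char *user, const char *path,
                       char *msg, size_t msglen)
{
    FILE *fp = fopen(path, "r");
    struct passwd *pw;

    if (msglen > 0)
        msg[0] = '\0';
    if (fp == NULL)
        return GATE_ALLOW;      /* file absent or unopenable: logins open */

    /* The claimed name is already known here, so uid 0 can be exempted. */
    pw = getpwnam(user);
    if (pw != NULL && pw->pw_uid == 0) {
        fclose(fp);
        return GATE_ALLOW;
    }

    /* Unknown users and uid != 0 both get the message and a refusal. */
    if (msglen > 0) {
        size_t n = fread(msg, 1, msglen - 1, fp);
        msg[n] = '\0';
    }
    fclose(fp);
    return GATE_DENY;
}

int main(int argc, char **argv)
{
    char msg[512];
    const char *user = argc > 1 ? argv[1] : "root";
    const char *path = argc > 2 ? argv[2] : "/etc/nologin";

    if (nologin_gate(user, path, msg, sizeof msg) == GATE_DENY) {
        fputs(msg, stdout);     /* show the notice, then refuse */
        return 1;
    }
    return 0;
}
```

The caller decides what happens after a refusal; prompting for another logname is what lets an exempt account get in and remove a stale file.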


