[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: pam.conf/pam.d behavior



Erik Troan wrote:
> We've found it necessary to have pam look for services in /etc/pam.conf if
> they don't have an entry in /etc/pam.d, even if that directory doesn't exist.
> This is the only behavior which will allow seamless upgrades from the
> /etc/pam.conf style of configuration files.

...

> At any rate, please look over this patch and let me know if I missed something.

> +		D(("unable to open %s -- checking %s", filename, PAM_CONFIG));
> +
> +		if ((f = fopen(PAM_CONFIG, "r")) == NULL) {
> +		    _pam_log_error("_pam_init_handlers: could not open "
> +				   PAM_CONFIG );
> +		    return PAM_ABORT;
> +		}

This looks like the existence of a pam.conf file is necessary (instead of
just being an optional fall back).  I'd prefer it if the existence of the
pam.conf file (when there is no specific pam.d/xxx file) implied we read it,
but if it is missing we quietly ignore...  After all, some adminstrators
will try to get away with a single 'pam.d/other' file and have nothing else.

Did I get that wrong?

Andrew
-- 
               Linux-PAM, libpwdb, Orange-Linux and Linux-GSS
                  http://parc.power.net/morgan/index.html
       [ For those that prefer FTP  ---  ftp://ftp.lalug.org/morgan ]



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []