[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: further modifications to mod_auth_pam.c



On Tue, 6 May 1997, Ingo Luetkebohle wrote:

> > I wonder if it might not be valuable to add some sort of
> > #ifdef NAMEHACK sort of thing to your source to allow the use of
> > something like AuthPamName in the htaccess file. As a default I can
> > see why it shouldn't be allowed but it is a valuable function if you
> > want to have one section of the server be authenticated with shadow,
> > another with kerberos, another with radius, another with a listfile
> > that also acts as a listfile for some other server, etc. etc. and you
> > don't have users on the machine.
> 
> Ah, now I see what you want to reach with it. Hmm, why don't you place
> multiple modules into your service configuration file, each with control
> of 'optional'?

Perhaps I'm misunderstanding how optional works but take this
scenario:

Say, for example, I have a machine that has large passwd and shadow
files used to control home directories for a web server and provide
authentication for a radius server. However only select people
are allowed to log into this machine (with a pam_listfile called
loginusers). Then I want to have two authenticated sections on the web
server, both using the shadow file for passwds. One I want this:

http    auth       required     /lib/security/pam_unix_auth.so  

and one I want this:

httplist        auth       required     /lib/security/pam_unix_auth.so  
httplist        auth       required     /lib/security/pam_listfile.so \
	item=user sense=allow file=/etc/loginusers onerr=fail

I can't do that with one service can I?

Or maybe I can and I just don't understand the stacking properly.

I don't actually have a setup like that but it is something I've
considered.

..........................
Chris Dent........SysAdmin
...........Kiva Networking



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []