One of my colleagues <ahosey@kiva.net> at work has put together a
pam_regex module which works like pam_listfile (see below).
He was going to post here about it but I guess never got around
to it so here ya go. 

What we'd like is comments on the usefulness of such a thing,
suggestions for improvements, and where we should put it so other
people can get at it.

We also have pam_nislistfile which does pam_listfile-like things via
an NIS server (primarily for hashed access to access control lists).
It's a little less clean than pam_regex.

Chris Dent........SysAdmin
...........Kiva Networking

[snipped from a mail message]
pam_regex is done. The syntax looks like:

auth      required     /lib/security/pam_regex.so item=user \
sense=allow pattern=ah.* onerr=fail

It will do everything pam_listfile does, i.e. remote hosts, shells,
etc. It also does the @group notation, but the behavior isn't terribly
useful - it will check the pattern against all usernames in the
specified group. If someone has a better use for @group let me know.

I was considering a slash-delimited pattern a la Perl: pattern=/ah.*/
if people are more comfortable with that. (It makes the pattern stand
out a little on the command line.) There are two possible drawbacks
(1) I'd have to handle escaped slashes in the pattern, and (2) people
might start thinking these are Perl regexes, which they aren't.
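
An added example, not part of the original message and not pam_regex source: a sketch of how item/sense/pattern/onerr could combine into an allow or deny decision, following pam_listfile's sense and onerr semantics. It assumes POSIX extended regexes via regcomp/regexec; the helper regex_acl and its anchored flag are hypothetical, and the message does not say whether pam_regex anchors its patterns. The point to check when deploying any such rule is that an unanchored pattern=ah.* also matches a name that merely contains "ah".

```c
#include <regex.h>
#include <stdio.h>

enum verdict { DENY = 0, ALLOW = 1 };

/* Hypothetical helper (not pam_regex code): decide access for one item value.
 * sense_allow: 1 for sense=allow, 0 for sense=deny.
 * onerr_fail:  1 for onerr=fail,  0 for onerr=succeed.
 * anchored:    1 wraps the pattern as ^(pattern)$ so it must match the
 *              whole value instead of any substring of it. */
static enum verdict regex_acl(const char *value, const char *pattern,
                              int sense_allow, int onerr_fail, int anchored)
{
    char buf[256];
    regex_t re;
    int n, matched;

    n = snprintf(buf, sizeof buf, anchored ? "^(%s)$" : "%s", pattern);
    if (n < 0 || (size_t)n >= sizeof buf)
        return onerr_fail ? DENY : ALLOW;      /* pattern too long: onerr decides */
    if (regcomp(&re, buf, REG_EXTENDED | REG_NOSUB) != 0)
        return onerr_fail ? DENY : ALLOW;      /* invalid pattern: onerr decides */

    matched = (regexec(&re, value, 0, NULL, 0) == 0);
    regfree(&re);

    /* sense=allow: a match permits; sense=deny: a match refuses. */
    return (matched == (sense_allow != 0)) ? ALLOW : DENY;
}

int main(void)
{
    /* Constructed sample usernames, for illustration only. */
    const char *users[] = { "ahosey", "noah", "cdent" };

    for (size_t i = 0; i < sizeof users / sizeof users[0]; i++)
        printf("%-8s unanchored=%d anchored=%d\n", users[i],
               regex_acl(users[i], "ah.*", 1, 1, 0),
               regex_acl(users[i], "ah.*", 1, 1, 1));
    return 0;
}
```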
