[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Module chaining?



You can also use the much more flexible control syntax in more recent
versions of libpam.  Without checking, I think Red Hat 5.1 includes a
modern enough version of the libraray.

Cheers

Andrew

Matt Drown writes:
> Resent-Date: 20 Jun 1998 01:22:40 -0000
> Resent-Cc: recipient list not shown: ;
> Resent-Message-ID: <"EEQDG.0.dc2.VxmYr"@mail2.redhat.com>
> Resent-From: pam-list@redhat.com
> Resent-Sender: pam-list-request@redhat.com
> Date: Fri, 19 Jun 1998 21:18:35 -0400 (EDT)
> From: Matt Drown <panzer@dhp.com>
> To: pam-list@redhat.com
> Subject: Re: Module chaining?
> Reply-To: pam-list@redhat.com
> 
> Sorta. You can use the "sufficient" flag to sorta get around this.  Like
> login:
> auth    sufficient	pam_pwdb.so
> auth    required	pam_skey.so
> 
> Then make sure that the users have no valid passwords in passwd or shadow
> files.  I use this method for kerberos logins.
> 
> -Matt Drown     -- Privacy, Anonyminity, & Security -- DataHaven Project
>  panzer@dhp.com -- Shell and Web accounts           -- http://www.dhp.com/ 
> 
> On Fri, 19 Jun 1998, Richard Hakim wrote:
> 
> > Quick question:
> > 
> > Can pam modules be chained from within the module?  For example, I would
> > like to write a module to test whether the user trying to log on is root. 
> > If so, then call the usual unix auth module.  If not, then call pam_skey
> > module.
> > 
> > Is it possible?
> > 
> > Ciao -
> > 
> > Richard
> > 
> > 
> > ---
> > @>  Richard Hakim - rhakim@cyberus.ca                     <@
> > @>                                                        <@
> > @>  Our techniques of estimating [software projects] are  <@
> > @>  poorly developed.  More seriously, they reflect an    <@
> > @>  unvoiced assumption which is quite untrue, i.e., that <@
> > @>  all will go well.                                     <@
> > @>            - The Mythical Man-Month                    <@
> > 
> > 
> > 
> > -- 
> > To unsubscribe: mail -s unsubscribe pam-list-request@redhat.com < /dev/null
> > 
> 
> -- 
> To unsubscribe: mail -s unsubscribe pam-list-request@redhat.com < /dev/null



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []