[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: "PAM-chains"



Chris,

Chris Evans writes:
> Recently the linux firewall flow went from linear to tree/chain based. Are
> there plans to upgrade PAM this way? Many a time I have wanted some kind
> of conditional in my pam.d/* files, especially for "su".
> 
> eg. if user is in listfile then rule 1; rule 2 else rule 3.

Support for this is already there.  The trick is to investigate using
control flags of the following form:

[I've just realized that I needed to update the on-line documentation
from the current source tree.]

http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam-4.html#ss4.1

[Search for the following text:]

The more elaborate (newer) syntax is much more specific and gives the
administrator a great deal of control over how the user is
authenticated. This form of the control flag is delimeted with square
brackets and consists of a series of value=action tokens:

             [value1=action1 value2=action2 ...]

[..]

There is more text, but not too much.... ;^)

Cheers

Andrew



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []