[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Missing prompt item in PAM



Michael K. Johnson wrote:
> >If you do, then isn't this really what module arguments are for?
> 
> Do you really want applications to be dynamically altering
> /etc/pam.d/* files?  Seems hackish to me.  My application is
> always in the safe domain, but that's not necessarily true
> of all such applications.

Can't you leave it for the module stack to identify when an
authentication is from a safe domain is and when it isn't? Now that we
are able to specify (forward) jumps in the configuration file, its
possible to configure-in decision making forks like that and
authenticate differently as a result.

> >Why not let the admin decide with a suitable /etc/pam.d/'app' file?
> 
> If you want to do this with module arguments, we should at least
> specify in the docs what the argument is called so that it is the
> same across all applications.

Complete agreement. Want to suggest a name for a such an option?

Cheers

Andrew



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []