[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: /etc/pam.d/files



I wouldn't want to do that. I was simply imagining what a boolean
equation configuration systemmight look like.

I understand the current PAM config system pretty well, and my current
PAM config needs are pretty simple.

Nico


On Fri, Aug 18, 2000 at 09:44:11PM +0400, Michael Tokarev wrote:
> Nicolas Williams wrote:
> > 
> []
> > 
> > Imagine if you could have something more like this:
> > 
> > telnet auth { ((pam_ldap || pam_krb5 try_first_pass) && pam_unix) || fail }
> > 
> > Actually, a boolean spec might be easier to parse and edit in software
> > than the current line oriented system. It might be harder for humans to
> > parse though...
> 
> Strange example.  Why you want to authentificate using _both_
> pam_ldap and pam_unix (and have two password prompts -- pam_unix in your
> example have no {use,try}_first_pass option) !?
> This sort of things seemed to be reasonable e.g. in account/session
> stack (but still strange), and maybe for passwd stack (the last is like
> "update both network password and local one, so, e.g. if network will
> be unavailable, you can login using local password").  But not for
> auth.
> And, having proper flags for modules, this also can (probably) be achieved --
> say, add "ignore_on_error" (or, better, "ignore_if_user_not_found")
> flag to module.  Also, trivial reordering will help:
> 
>    required pam_unix
>    sufficient pam_ldap
>    required pam_krb5 try_first_pass
> 
> BTW, one more word can be used in left hand side, something like
> "always-required" (that is like required but used even if some module
> is sufficient).
> 
> 
> Regards,
>  Michael.
> 
> 
> 
> _______________________________________________
> Pam-list mailing list
> Pam-list@redhat.com
> https://listman.redhat.com/mailman/listinfo/pam-list
--





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []