pam_login_access vs. pam_access
Thorsten Kukuk
kukuk at suse.de
Mon Dec 12 15:21:20 UTC 2005
On Sat, Dec 10, Mike Becher wrote:
> Hi,
>
> I have found a module pam_access in Linux-PAM which implements the same
> functionallity like the `original' version of pam_login_access from other
> platforms like Free BSD or OpenBSD. Additionally we use a pam_login_access
> module for Linux on the following sites: TU Chemnitz (Technical
> University Chemnitz, Germany) and LRZ (Leibniz Computing Centre, Munich.
> Germany).
> But there is a problem:
> /etc/security/access.conf is used by pam_access as the default
> config file and /etc/login.access is used by pam_login_access. So you
> can't transparently substituted one module through the other.
> Additionally the `new' pam_login_access module developed by Thomas Mueller
> (a college from TUC) and me provides enhancements for example like:
> * convert hostname to ip address support
> * IPv4(/) IPv6 support
> * network(address) / netmask support
> which are not part of the pam_access and the `original' pam_login_access
> module (If you want know more about that please have a look at
> http://www-user.tu-chemnitz.de/~mibe/sw/OpenPBS/home.php3 ).
>
> Now I work on an integration of this module code into Linux-PAM and don't
> know what is the better solution. Is it better to provide an additional
> module pam_login_access with its own code tree, or to enhance existing
> pam_access code with the new features and build two different modules
> at compile time where one will then be pam_access and the second will be
> pam_login_access. What's the consensus?
I see two possibilities:
1. maintain the pam_login_access code outside of Linux-PAM at your
own. Gives you a lot of more freedom, and there are a lot of
people doing this, too. Including me.
2. Enhance the current pam_access module to support the new functionality
with /etc/security/access.conf. But don't make two different modules
at compile time from it.
Thorsten
--
Thorsten Kukuk http://www.suse.de/~kukuk/ kukuk at suse.de
SUSE LINUX Products GmbH Maxfeldstr. 5 D-90409 Nuernberg
--------------------------------------------------------------------
Key fingerprint = A368 676B 5E1B 3E46 CFCE 2D97 F8FD 4E23 56C6 FB4B
More information about the Pam-list
mailing list