pam_login_access vs. pam_access
Mike Becher
Mike.Becher at lrz-muenchen.de
Sat Dec 10 12:44:57 UTC 2005
Hi,
I have found a module pam_access in Linux-PAM which implements the same
functionallity like the `original' version of pam_login_access from other
platforms like Free BSD or OpenBSD. Additionally we use a pam_login_access
module for Linux on the following sites: TU Chemnitz (Technical
University Chemnitz, Germany) and LRZ (Leibniz Computing Centre, Munich.
Germany).
But there is a problem:
/etc/security/access.conf is used by pam_access as the default
config file and /etc/login.access is used by pam_login_access. So you
can't transparently substituted one module through the other.
Additionally the `new' pam_login_access module developed by Thomas Mueller
(a college from TUC) and me provides enhancements for example like:
* convert hostname to ip address support
* IPv4(/) IPv6 support
* network(address) / netmask support
which are not part of the pam_access and the `original' pam_login_access
module (If you want know more about that please have a look at
http://www-user.tu-chemnitz.de/~mibe/sw/OpenPBS/home.php3 ).
Now I work on an integration of this module code into Linux-PAM and don't
know what is the better solution. Is it better to provide an additional
module pam_login_access with its own code tree, or to enhance existing
pam_access code with the new features and build two different modules
at compile time where one will then be pam_access and the second will be
pam_login_access. What's the consensus?
Best regard,
mike
-----------------------------------------------------------------------------
Mike Becher Mike.Becher at lrz-muenchen.de
Leibniz-Rechenzentrum der http://www.lrz.de
Bayerischen Akademie der Wissenschaften phone: +49-89-289-28721
Gruppe Hochleistungssysteme fax: +49-89-280-9460
Barer Strasse 21
D-80333 Muenchen
Germany
-----------------------------------------------------------------------------
More information about the Pam-list
mailing list