[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Is this a reasonable approach?



Tomas Mraz wrote:
Hmmm, good idea, this really helps to remove the necessary second call
in another stack. Let's hope that all relevant applications call
pam_sm_setcred correctly.

Yes, that's the concern - it depends on that call to know that auth succeeded so if it doesn't get it it'll blacklist remote hosts incorrectly. So far I've only tested it with sshd which does the right thing.


I guess there might be something that could be done with the 'new' config syntax that replaces required / requisite / sufficient / optional with [value1=action1 value2=action2 ...] but I haven't taken the time to experiment with it yet.

--
Andy Armstrong


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]