what does the "$ISA" mean in my pam configuration file , thanks!
Thorsten Kukuk
kukuk at suse.de
Fri Nov 23 23:28:48 UTC 2007
On Fri, Nov 23, Andrew Morgan wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> If you don't include any path, do you get the right behavior anyway?
>
> auth required pam_deny.so
Yes, this is the best solution, don't use a path at all. But some
distributions think (thought?) that not using the full path could
be a security risk. I prefer to only specify the module without path.
Thorsten
> Cheers
>
> Andrew
>
> Thorsten Kukuk wrote:
> > On Fri, Nov 23, liuruihong wrote:
> >
> >> /etc/pam.d/other
> >>
> >> #%PAM-1.0
> >>
> >> auth required /lib/security/$ISA/pam_deny.so
> >>
> >> account required /lib/security/$ISA/pam_deny.so
> >>
> >> password required /lib/security/$ISA/pam_deny.so
> >>
> >> session required /lib/security/$ISA/pam_deny.so
> >>
> >>
> >>
> >> what does the "$ISA" mean?
> >
> > That's for 'biarch' systems, so that you can use a full
> > path to the modules for 32bit and 64bit.
> >
> > For example, on such a system a 32bit application would
> > translate $ISA to ".", a 64bit application to "../../lib64/security"
> >
> > Thorsten
> >
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (Darwin)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFHRz0C+bHCR3gb8jsRAij6AKCabAcsFhGaEoioXwp7c/97apXitgCgsKun
> A4FJUAjDwN8LxV4CXO2IJEA=
> =NuBm
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Pam-list mailing list
> Pam-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pam-list
--
Thorsten Kukuk, Project Manager/Release Manager SLES
SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg
GF: Markus Rex, HRB 16746 (AG Nuernberg)
More information about the Pam-list
mailing list