pam_chauthok and froozen chain problems
Thorsten Kukuk
kukuk at suse.de
Mon Feb 2 16:37:23 UTC 2009
On Mon, Feb 02, Dustin Kirkland wrote:
> > Any ideas/opinions/other choices?
>
> What about a 3-pass system, as opposed to a 2-pass system?
>
> Pass 1: assert user is allowed to update
> Pass 2: assert this token is okay
> Pass 3: commit
>
> Rather than freezing the chain after the 1st pass, freeze it after the second?
Which would mean you need to rewrite all existing PAM modules.
That's not an option.
Thorsten
--
Thorsten Kukuk, Project Manager/Release Manager SLES
SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg
GF: Markus Rex, HRB 16746 (AG Nuernberg)
More information about the Pam-list
mailing list