[redhat-lspp] Some enhancements for pam_namespace
Klaus Weidner
klaus at atsec.com
Mon Jun 4 17:10:37 UTC 2007
On Fri, Jun 01, 2007 at 09:47:17AM +0200, Tomas Mraz wrote:
> I've implemented some enhancements for pam_namespace which can be used
> for temporary logons. These enhancements were proposed by Dan Walsh.
> Please review if you're interested.
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241226
> https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=155825
I like the functionality, but I'm starting to think that pam_namespace
may get too complex if too many special cases get added. Rather than
implementing a complex ad-hoc language for the namespace conf file, would
it make sense to provide the option of calling an external script, giving
it username and context etc. as arguments, and using its output as a list
of namespace configurations?
That way, you could keep policy decisions in the script.
-Klaus
More information about the redhat-lspp
mailing list