OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Re: Controlling PAM modules

From: Dag-Erling Smørgrav (desdes.no)
Date: Mon Sep 22 2008 - 02:47:29 CDT


"Ivan Grover" <ivangrvr299gmail.com> writes:
> Suppose i dont want to enable locking of users, then one solution i
> can think of is to share a common database across application and pam
> modules. The application sets the flag which indicates, if pam_able
> is included or not. Then pam_abl module will look into this database
> and then return simply PAM_SUCCESS always or process the user
> lockouts.

Put pam_able in a separate policy that you include in the others.
Whenever you want to disable it, just comment out the contents of that
policy.

DES
--
Dag-Erling Smørgrav - desdes.no
_______________________________________________
freebsd-securityfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribefreebsd.org"