Re: PAM proposal

From: Daniel Carosone (dangeek.com.au)
Date: Sat May 07 2005 - 17:59:00 CDT


On Sun, May 08, 2005 at 08:25:19AM +1000, Daniel Carosone wrote:
> One such change which would make it less confusing is to have two
> columns for keywords, one to describe the four possible continuation
> behaviours, another to describe the four possible flag-setting
> behaviours.

On second thought, I think a more useful grouping is "action on
success/action on failure".

This would give us keyword-parts like:
  PermitCont
  PermitStop
  IgnoreCont
  IgnoreStop
  DenyCont
  DenyStop

Or even make the 'Cont' implied:
  Permit
  PermitStop
  Ignore
  IgnoreStop
  Deny
  DenyStop

which you would combine to make up equivalents to the current
keywords:

keyword                          c:F  c:S  can succeed  force deny
-------                          ---  ---  -----------  ----------
required   = Permit/Deny         yes  yes  yes          yes
requisite  = Permit/DenyStop     no   yes  yes          yes
sufficient = Permit/Ignore       yes  yes  yes          no
optional   = Ignore/Ignore       yes  yes  no           no
binding    = PermitStop/Deny     yes  no   yes          yes

and

necessary  = Ignore/Deny         yes  yes  no           yes

This seems *SO* much clearer to me, and can be done as simple string
aliases in the current syntax.

--
Dan.

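The "action on success/action on failure" aliases from the message above, worked through as an added example (not part of the original post and not OpenPAM code). The alias strings are taken from the table; the function names and the chain-evaluation rules (any Deny wins, at least one Permit is required, "Stop" ends the chain) are assumptions made for illustration.

```python
# Added illustration: keyword aliases as listed in the post, evaluated under
# assumed flag semantics. Not taken from any PAM implementation.
ALIASES = {  # keyword -> "action on success/action on failure"
    "required":   "Permit/Deny",
    "requisite":  "Permit/DenyStop",
    "sufficient": "Permit/Ignore",
    "optional":   "Ignore/Ignore",
    "binding":    "PermitStop/Deny",
    "necessary":  "Ignore/Deny",
}

def parse_action(part):
    """Split a keyword-part such as 'DenyStop' into (flag, continues)."""
    stop = part.endswith("Stop")
    flag = part[:-4] if stop else part   # 'Cont' is implied when 'Stop' is absent
    if flag not in ("Permit", "Ignore", "Deny"):
        raise ValueError(f"unknown keyword-part: {part!r}")
    return flag, not stop

def actions(keyword):
    """Return ((flag, continues) on success, (flag, continues) on failure)."""
    on_success, on_failure = ALIASES[keyword].split("/")
    return parse_action(on_success), parse_action(on_failure)

def properties(keyword):
    """Derive the table columns: (c:F, c:S, can succeed, force deny)."""
    (s_flag, s_cont), (f_flag, f_cont) = actions(keyword)
    return (f_cont, s_cont, s_flag == "Permit", f_flag == "Deny")

def evaluate(stack):
    """stack: list of (keyword, module_succeeded); True means access granted.

    Assumed semantics: fail closed. A Deny flag always wins, and at least one
    Permit flag must have been set before the chain ends.
    """
    permitted = denied = False
    for keyword, succeeded in stack:
        on_success, on_failure = actions(keyword)
        flag, continues = on_success if succeeded else on_failure
        permitted |= flag == "Permit"
        denied |= flag == "Deny"
        if not continues:
            break
    return permitted and not denied

if __name__ == "__main__":
    for kw in ALIASES:
        print(f"{kw:<10} = {ALIASES[kw]:<16}", properties(kw))
```

Under these assumptions a stack made up only of `optional` modules never grants access, because no module in it can set the Permit flag.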