Re: Is this a reasonable approach?

From: Andy Armstrong (andyhexten.net)
Date: Tue Jan 04 2005 - 08:26:26 CST


Tomas Mraz wrote:
> Hmmm, good idea, this really helps to remove the necessary second call
> in another stack. Let's hope that all relevant applications call
> pam_sm_setcred correctly.

Yes, that's the concern - it depends on that call to know that auth
succeeded, so if it doesn't get it, it'll blacklist remote hosts
incorrectly. So far I've only tested it with sshd, which does the right
thing.

I guess there might be something that could be done with the 'new'
config syntax that replaces required / requisite / sufficient / optional
with [value1=action1 value2=action2 ...] but I haven't taken the time to
experiment with it yet.

--
Andy Armstrong
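
The failure mode described in the message above, as an added example that is not part of the original post and is not the module under discussion. It is a simplified C model with no PAM headers; the function names, the threshold and the addresses are constructed assumptions standing in for the module's `pam_sm_authenticate` and `pam_sm_setcred` hooks.

```c
/* Added example: simplified model, not the module discussed in the thread. */
#include <stdio.h>
#include <string.h>

#define MAX_HOSTS 16
#define THRESHOLD 3   /* constructed value: unresolved attempts before blocking */

struct host { char addr[64]; int pending; };
static struct host table[MAX_HOSTS];
static int nhosts;

/* Find or create the record for a remote host; NULL if the table is full. */
static struct host *lookup(const char *addr) {
    for (int i = 0; i < nhosts; i++)
        if (strcmp(table[i].addr, addr) == 0) return &table[i];
    if (nhosts == MAX_HOSTS) return NULL;
    snprintf(table[nhosts].addr, sizeof table[nhosts].addr, "%s", addr);
    table[nhosts].pending = 0;
    return &table[nhosts++];
}

/* Stands in for pam_sm_authenticate: every attempt is counted up front,
   because at this point the module cannot know the final outcome. */
static void on_authenticate(const char *rhost) {
    struct host *h = lookup(rhost);
    if (h) h->pending++;
}

/* Stands in for pam_sm_setcred: the application is expected to call it after
   a successful authentication, so it is the only signal that clears the count. */
static void on_setcred(const char *rhost) {
    struct host *h = lookup(rhost);
    if (h) h->pending = 0;
}

static int is_blacklisted(const char *rhost) {
    struct host *h = lookup(rhost);
    return h && h->pending >= THRESHOLD;
}

/* Simulate `logins` successful logins from one host and report its status. */
static int simulate_successes(const char *rhost, int logins, int app_calls_setcred) {
    for (int i = 0; i < logins; i++) {
        on_authenticate(rhost);
        if (app_calls_setcred) on_setcred(rhost);
    }
    return is_blacklisted(rhost);
}

int main(void) {
    printf("calls setcred: blacklisted=%d\n", simulate_successes("192.0.2.10", 5, 1));
    printf("skips setcred: blacklisted=%d\n", simulate_successes("192.0.2.20", 5, 0));
    return 0;
}
```

A host whose application skips the setcred call is blocked after three successful logins, which is why each PAM-aware service needs to be checked for that call before the module is enabled on its stack.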
