Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: Is this a reasonable approach?
From: Andy Armstrong (andyhexten.net)
Date: Tue Jan 04 2005 - 08:26:26 CST
Tomas Mraz wrote:
> Hmmm, good idea, this really helps to remove the necessary second call
> in another stack. Let's hope that all relevant applications call
> pam_sm_setcred correctly.
Yes, that's the concern - it depends on that call to know that auth
succeeded so if it doesn't get it it'll blacklist remote hosts
incorrectly. So far I've only tested it with sshd which does the right
I guess there might be something that could be done with the 'new'
config syntax that replaces required / requisite / sufficient / optional
with [value1=action1 value2=action2 ...] but I haven't taken the time to
experiment with it yet.
Pam-list mailing list