I'd really like to have pam_stack, and pam_oneof, and, and, well, all this is really an expansion of the PAM config system. In the absence of a more flexible config language pam_stack will do. Nico On Fri, Aug 18, 2000 at 10:31:31AM -0500, Steve Langasek wrote: > On Fri, 18 Aug 2000, Michael Tokarev wrote: > > > Yes. In never pam distribution there is a pam_stack module. > > RedHat 7 beta uses this module heavily. Here is the idea: > > > in /etc/pam.d/system-auth file (pseudo service): > > auth required pam_unix.so ... > > account required pam_unix.so ... > > session required pam_unix.so ... > > passwd required ... > > i.e. you put here all your usual pam modules that are used > > mostly, and more-or-less "standard". > > in each individual service file, you put: > > /etc/pam.d/login: > > auth required pam_securetty.so > > auth required pam_stack.so service=system-auth > > account required pam_stack.so service=system-auth > > session required pam_stack.so service=system-auth > > ... > > With this, you have only one standard set of pam modules > > that can be used for any application, and each app can add > > it's own custom modules, or completely ovewrite particular > > stack or all stacks. If you want to change "system-default" > > set of modules, you will want to edit only system-auth file. > > Is this a RedHat-specific module? It's not part of the Linux-PAM distribution > or CVS tree. > > Another option, which has been supported by PAM for a long time, is to > configure the /etc/pam.d/other config file with whatever you want your default > options to be. If these defaults are reasonable for a given service, that > service doesn't need its own config file. Of course, any service that needs > something that isn't in the default stack will need a complete config file of > its own. > > I personally think it would be good if distributions took this route. > RedHat's default for /etc/pam.d/other right now is to use pam_deny for > everything, but this really seems unnecessary to me when the config file could > be put to much better use. > > Steve Langasek > postmodern programmer > > > > _______________________________________________ > > Pam-list@redhat.com > https://listman.redhat.com/mailman/listinfo/pam-list --
