Re: /etc/pam.d/files

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Steve Langasek wrote:
> 
[pam_stack example]
> Is this a RedHat-specific module?  It's not part of the Linux-PAM distribution
> or CVS tree.

It comes to me from pam rpm from redhat.  Archive called "pam-redhat-0.72.tar.gz",
and I don't know where it comes from really.  README from
modules/pam_stack in that archive:

------------
This is pam_stack, a module for implementing recursive stacking with
Linux-PAM.  Because it's naughty and accesses some of the internals of
libpam, it's not likely that it can be made to work on anything but
Linux-PAM on Linux, FreeBSD, and other OSs that use Linux-PAM.

In a nutshell, calling pam_stack diverts a PAM stack into another
configuration file.  If the substack executes successfully, pam_stack
returns PAM_SUCCESS.  If the substack fails, pam_stack returns the
error code returned by the internal PAM dispatching routines, which
is typically the code returned by the module that failed.  We make
sure we call the substack just like libpam would by using the same
functions as libpam.

This is primarily of use for when you want a consistent authentication
model for all of your system services, but want to allow the specifics
to change from service to service (like whether or not to use pam_rootok
or pam_securetty).

The module takes only two arguments:
debug           log lots of information to the system log
service=NAME    use as a substack the stack defined for the NAME service,
                usually the name of a file in /etc/pam.d

Nalin Dahyabhai <nalin@redhat.com>
-------------

BTW, it is very small and clean, and, unlike many other modules, it has a man
page!.

Only one thing -- Nalin, you'd better to define some sort of function like
log_err in other modules to do syslogging. ;)  You have tons of syslog calls
in there, and in every place you call openlog(), syslog() and closelog().
I'm just tooooo lazy to write such a things myself... :)
Excuse me please for this statement -- I'm speaking again about your coding
style at the end.  I was unable to be quiet here. Sorry me -- I'm a bad guy, and
know this...
I just can't understand why you have _no_ tons of bugs in your code written
in such a ways.  It is not an easy task, at least for me.

Best regards,
 Michael.
[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux