I wouldn't want to do that. I was simply imagining what a boolean
equation configuration systemmight look like.
I understand the current PAM config system pretty well, and my current
PAM config needs are pretty simple.
Nico
On Fri, Aug 18, 2000 at 09:44:11PM +0400, Michael Tokarev wrote:
> Nicolas Williams wrote:
> >
> []
> >
> > Imagine if you could have something more like this:
> >
> > telnet auth { ((pam_ldap || pam_krb5 try_first_pass) && pam_unix) || fail }
> >
> > Actually, a boolean spec might be easier to parse and edit in software
> > than the current line oriented system. It might be harder for humans to
> > parse though...
>
> Strange example. Why you want to authentificate using _both_
> pam_ldap and pam_unix (and have two password prompts -- pam_unix in your
> example have no {use,try}_first_pass option) !?
> This sort of things seemed to be reasonable e.g. in account/session
> stack (but still strange), and maybe for passwd stack (the last is like
> "update both network password and local one, so, e.g. if network will
> be unavailable, you can login using local password"). But not for
> auth.
> And, having proper flags for modules, this also can (probably) be achieved --
> say, add "ignore_on_error" (or, better, "ignore_if_user_not_found")
> flag to module. Also, trivial reordering will help:
>
> required pam_unix
> sufficient pam_ldap
> required pam_krb5 try_first_pass
>
> BTW, one more word can be used in left hand side, something like
> "always-required" (that is like required but used even if some module
> is sufficient).
>
>
> Regards,
> Michael.
>
>
>
> _______________________________________________
>
> Pam-list@redhat.com
> https://listman.redhat.com/mailman/listinfo/pam-list
--
