On 9 Oct 2000, Dustin Puryear wrote: > I suppose by using the acct stack I get past the authentication issue > entirely. However, can I assume that all services will actually use the > acct stack? I know that at a minimum they will be using the auth stack, > and that's why I went that route. It seems to me that the acct stack > presents the same problem as the session stack--not everyone will use it. While opening and closing a 'session' does not make sense for all applications, it always makes sense for a PAMified application to call pam_acct_mgmt(), as this is the module that does account authorization checks. I've never seen an application that called pam_authenticate() but not pam_acct_mgmt(), and I would be inclined to argue that an application that did so was not properly PAMified, as it is this second function which checks for things such as expired passwords. Steve Langasek postmodern programmer
