On Thu, Dec 14, 2000 at 08:33:11AM -0600, Benjamin S Vera-tudela wrote: > $ myapp login [user] passwd [password] > Are you sure that you really want to do that? Anyone else on the box can then use ps(1) to get passwords of others. > Second, I noticed in the PAM website that an example application requires > application writers that wish to use PAM to add a couple of lines in the > /etc/pam.conf file that look like this: > > [service name] auth required [pam auth library name] > [service name] account required [pam acct library name] > > Is it possible to avoid having to do this? I believe that one option is to > provide your own authentication module (library) -- in the same way login, > su, and other Linux apps do --, and link your application to that module. > Are there any other options? Having to provide another library in my > application is the last option, so modifying the pam.conf file is probably > ok, but if there is an option that does not require providing a new library > and changing the pam.conf file, I would be glad to know about it. Most pam implementations pay use other (OTHER for HP-UX) as a catchall for apps that do not use any special library. If all of your apps only needed pam_unix, the following would be all that you really need other auth required /lib/security/pam_unix.so.1 other account required /lib/security/pam_unix.so.1 other session required /lib/security/pam_unix.so.1 other password required /lib/security/pam_unix.so.1 Mike
