Igmar Palsenberg <maillist@jdimedia.nl> wrote: > Ok.. We want to able to specify where to find the runtime config. I can't understand, what you will win with this? What processes it should affect? It's a good thing, that root can unlock [vx]lock. Otherwise it must kill the users session if he has locked his session and run away. And I see two problems with a user config. You can say, if the user is valid, befor you have checked it. But the way you can check it, it shown in the config file. And from where the user knows what must stand in the config file? If your system works with something like ldap or nis, the user must take the modules for this. Who tells this him? The admin and thats a great price of work. And your system become insecurer, if anybody, who doesn't know anything about pam, can configure pam. The second problem I see, in some environments you can't read the user files, until the user loged in. An AFS token isn't available, until the user loged in. So I only see a possibility for something like [xv]lock with the disadvantages named above. Joerg. _______________________________________________ Pam-list@redhat.com https://listman.redhat.com/mailman/listinfo/pam-list
