On Tue, 28 Sep 2004, Jason DiCioccio wrote: > Thanks Jason (wow, there's a lot of Jasons).. This was unfortunately > the answer I was expecting. The reason behind the PAM module is so > that we wouldn't have to modify the code for our various services each > time we wanted to upgrade them. However, I suppose adding a couple of > lines to the code is still a lot better than having to add ~200 lines. I don't think it would require that much code if you really wanted to do it completely inside PAM. In fact, all you should need to do is to define an extra pam item (say, PAM_LHOST to complement PAM_RHOST) and then add the necessary logic in your module which should only be a few lines of code - the specifics being reserved to the configuration object. You could send in a patch so that the main distribution might have the same thus allowing you to keep up to date with PAM releases without worrying about patching for this local issue. Jason Clifford -- UKFSN.ORG Finance Free Software while you surf the 'net http://www.ukfsn.org/ ADSL Broadband from just £22.50 / month _______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
