So after encountering some issues and starting the thread: "Local address from PAM module?", I have decided to bring this up. Would anyone else see it beneficial to add some additional items into _pam_types.h that would be a standardized way for applications to provide a local address, local port, remote address and remote port? Something like: #define PAM_RADDR 11 #define PAM_RPORT 12 #define PAM_LADDR 13 #define PAM_LPORT 14 It could either be that or address and port could be joined in a struct if it was felt that it would be cleaner. I feel like having this information is important, at least for what I'm doing. Particularly, having PAM_RHOST, where your data could be a hostname does not make sense to me. No verification can happen from that if it is a hostname. First of all, a reverse DNS lookup is not guaranteed to yield a hostname that will resolve back to its originating IP (if at all). For example: All IPs in your subnet might resolve to something like: unassigned.mydomain.com. So let's say that 10.0.0.1-10.0.0.254 all resolve to unassigned.mydomain.com. If unassigned.mydomain.com resolves at all, you could only get one result from it. If the IP address were to be stored directly from the sockaddr info, then at least you know that it is the IP that is indeed connected to you (in the case of TCP anyway). I would love for these items to be default. I think it could be beneficial to both myself and anyone needing to base any authentication information off of a local or remote IP and/or port. Regards, -JD- _______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list