-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dan Hollis wrote: > pam_abl works great in general, though it doesnt work at all on x86_64 > at the moment. maybe someone more clued on pam can fix it. > http://www.hexten.net/bugzilla/show_bug.cgi?id=12 I understand that the way pam_abl detects the end of a failed auth attempt is dependent upon services calling the PAM functions in a particular way - perhaps this is different on x86_64s to their predecessors? I've suggested to the author that he might like to consider adopting an approach similar to pam_tally of having auth and account modules (rather than just auth). That way it can log an attempted login under the auth module and then clear it under the account section. If the auth module is invoked again without there having been a corresponding account invokation, then the previous login failed and can be recorded. I'd also like to use pam_abl to protect services which authenticate while non-root, such as httpd and php, but I would also like to protect my db files... One method might be to use sql databases instead and to hardcode the database details at compile time... Or maybe look into whether pam modules can be set UID'ed. When I get time, I intend to start looking at implementing these in pam_abl/something similar - the auth/account separation might be just what's needed on the x86_64 platform. Ben -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (Darwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iQIVAwUBQ0MaWugNmph0Y1E2AQJJQRAAiFJOvjbibv1azcEHMb12ncI5fxPVYd6b gKC8bCK7oh1G2zf8KcOKKoHBkdCLZ7AVnplwPdPbkfTfNgsSTqvHnhhjYPt6dXQQ R774QHJR0h0DWODtK6InGN997Zw70++6EosgoVQHhqTAD5thRoLnwHYieFqwcbGM DsyZmFHGg2pO3fbfF3EGHocZDWihDhKf1rPoU2IWaU8MkIaHI5yHyHY5cGjojFnr pnz1Et6WeStp1xvkenLgW7Ov+He4i6H3q9yWF4gGkZrK5WBJxh8fjKxkSMQMVsqS Vj9T/hb3Es9yV2P5w21pXxqPe+MdONvSiqsvkhGIp6DqUqCooJ4N79IJ6nYR4SKn 13h6gmOXwy/FLgDGjiUHYmF/JmHWy3aHKS2opHE9PM3JbJ4qLeWMaHm/zWMK2aaJ EMTT847y2A8Ptz5h9KiH/lIH6KEdsazSnQVAimo334gpm/P7o+QYQyjNt3mmLHJb efvycD//OaPpmUNBBIz1sqo5IIi34PPxbnOw/96fzFEIdTqBtwgK12+h3MaIrcB4 h5TU4wNp8Shzg/wVi2/gibkAY9cteZ6CSLtQEVSogo8UmLfQm0QNE8Fof7nY97pZ FUJAQk16WLlWEgBx/beviGib+q6lGg5zb8lmZ6m+i9L7xrWxodm4s+PkbLHsnoB/ mwKePcEom/U= =VpBf -----END PGP SIGNATURE----- _______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
