On Sat, Dec 10, Mike Becher wrote: > Hi, > > I have found a module pam_access in Linux-PAM which implements the same > functionallity like the `original' version of pam_login_access from other > platforms like Free BSD or OpenBSD. Additionally we use a pam_login_access > module for Linux on the following sites: TU Chemnitz (Technical > University Chemnitz, Germany) and LRZ (Leibniz Computing Centre, Munich. > Germany). > But there is a problem: > /etc/security/access.conf is used by pam_access as the default > config file and /etc/login.access is used by pam_login_access. So you > can't transparently substituted one module through the other. > Additionally the `new' pam_login_access module developed by Thomas Mueller > (a college from TUC) and me provides enhancements for example like: > * convert hostname to ip address support > * IPv4(/) IPv6 support > * network(address) / netmask support > which are not part of the pam_access and the `original' pam_login_access > module (If you want know more about that please have a look at > http://www-user.tu-chemnitz.de/~mibe/sw/OpenPBS/home.php3 ). > > Now I work on an integration of this module code into Linux-PAM and don't > know what is the better solution. Is it better to provide an additional > module pam_login_access with its own code tree, or to enhance existing > pam_access code with the new features and build two different modules > at compile time where one will then be pam_access and the second will be > pam_login_access. What's the consensus? I see two possibilities: 1. maintain the pam_login_access code outside of Linux-PAM at your own. Gives you a lot of more freedom, and there are a lot of people doing this, too. Including me. 2. Enhance the current pam_access module to support the new functionality with /etc/security/access.conf. But don't make two different modules at compile time from it. Thorsten -- Thorsten Kukuk http://www.suse.de/~kukuk/ kukuk@xxxxxxx SUSE LINUX Products GmbH Maxfeldstr. 5 D-90409 Nuernberg -------------------------------------------------------------------- Key fingerprint = A368 676B 5E1B 3E46 CFCE 2D97 F8FD 4E23 56C6 FB4B _______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
