Re: pam_login_access vs. pam_access

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Jan 31, Mike Becher wrote:

> 1) My patch includes creation of missed manual login.access.5.

Yes, that needs to be removed from Makefile.am. I discussed this with
the other main Linux-PAM developers and we agree that we don't wish to
have the compat code in it.

> 2) If we check if inet_ntop, inet_pton and yp_get_default_domain exists 
> then we should provide some alternativ if configure will them not found.

That's something which needs to be fixed in another way. Instead of
yp_get_default_domain domainname() should be used. Meand we would also
get ride of -lnsl. But are there really systems which don't provide
that function?

> 3) Some correctness in access.conf.5.

Are there real content changes? I could only find reformating.
access.conf.5 is now generated from a xml file, I fixed all the bugs
in it yesterday evening, attached is my latest revesion. 
I removed for example this "su" service from it, su sets PAM_TTY, so
a rule with servie "su" will never work. Services, which set PAM_RHOSTS
or PAM_TTY cannot by used with their name.

There where also comments about group membership, but pam_access does not
have code for this.

  Thorsten

-- 
Thorsten Kukuk         http://www.suse.de/~kukuk/      kukuk@xxxxxxx
SUSE LINUX Products GmbH       Maxfeldstr. 5       D-90409 Nuernberg
--------------------------------------------------------------------    
Key fingerprint = A368 676B 5E1B 3E46 CFCE  2D97 F8FD 4E23 56C6 FB4B

Attachment: pam_access.diff.gz
Description: application/gunzip

_______________________________________________

Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list

[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux