On Wed, 2006-09-06 at 20:26 +0200, Thorsten Kukuk wrote: > On Wed, Sep 06, seth vidal wrote: > > > Hi, > > On our systems we use pam_access quite extensively. We have a base-set > > of rules we apply to every server and then some servers require special > > rules. We'd love to be able to use something like: > > > > /etc/security/access.conf <-- default rules > > /etc/security/access.conf.d/*.conf <-- additional rules concatenated > > onto the end of the whole set. > > > > Just like with all the other .d directory changes it would allow us to > > drop a file onto the system to let that work w/o having to modify the > > access.conf itself. > > The problem is: the order is important, the first matched rule > found will be used. with a .d directory, you don't have this > control anymore and you can get bad side effects, depending on at > which time which files are created. Sure - just like with all other .d files - you have to do tricks to make sure they are loaded in the right order, certainly. I don't think this is much different than the .d configs used for apache or even /etc/profile.d/ -sv _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
