On Thu, 2006-09-07 at 10:58 +0200, Tomas Mraz wrote: > On Wed, 2006-09-06 at 20:26 +0200, Thorsten Kukuk wrote: > > On Wed, Sep 06, seth vidal wrote: > > > > > Hi, > > > On our systems we use pam_access quite extensively. We have a base-set > > > of rules we apply to every server and then some servers require special > > > rules. We'd love to be able to use something like: > > > > > > /etc/security/access.conf <-- default rules > > > /etc/security/access.conf.d/*.conf <-- additional rules concatenated > > > onto the end of the whole set. > > > > > > Just like with all the other .d directory changes it would allow us to > > > drop a file onto the system to let that work w/o having to modify the > > > access.conf itself. > > > > The problem is: the order is important, the first matched rule > > found will be used. with a .d directory, you don't have this > > control anymore and you can get bad side effects, depending on at > > which time which files are created. > > glob() returns found matches in sorted order, although LC_COLLATE should > be set to "C" temporarily, so the sorting order doesn't depend on > locale. I was actually thinking of just stealing the code to do this from ldconfig, if it is something steal-able. :) -sv _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
