On Mon, Feb 02, Dustin Kirkland wrote: > > Any ideas/opinions/other choices? > > What about a 3-pass system, as opposed to a 2-pass system? > > Pass 1: assert user is allowed to update > Pass 2: assert this token is okay > Pass 3: commit > > Rather than freezing the chain after the 1st pass, freeze it after the second? Which would mean you need to rewrite all existing PAM modules. That's not an option. Thorsten -- Thorsten Kukuk, Project Manager/Release Manager SLES SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg GF: Markus Rex, HRB 16746 (AG Nuernberg) _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
