Date: Thu, 24 Jun 1999 13:43:09 +0930 (CST)
From: Kris Kennaway <kkennawa@physics.adelaide.edu.au>
To: "John W. DeBoskey" <jwd@unx.sas.com>
Cc: freebsd-hackers@freebsd.org
Subject: Re: Login validation by home directory location (PAM?)
Message-ID: <Pine.OSF.4.10.9906241336520.30529-100000@bragg>
In-Reply-To: <199906240404.AAA34801@bb01f39.unx.sas.com>

On Thu, 24 Jun 1999, John W. DeBoskey wrote:

> There must be a better way of doing this, but I don't see
> how. I've looked at PAM, but I don't understand how I could make
> this type of facility work except maybe in the pam_authenticate()
> routine. However, this seems complicated compared to simply
> modifying auth_traditional().

Disclaimer: I'm only just reading about how PAM works, I haven't written any PAM modules.

This sounds like a job for a PAM `account' module: these permit access to resources based on non-authentication mechanisms (such as time of day, whether you're on the system console or on the network, etc). It shouldn't be too difficult <tm> to write a module to permit/deny logins based on machine name and the user home directory, or whatever. PAM being modular, you would just insert this module into the relevant resource access stack in the config file.

Check out the Linux-PAM documentation at http://www.au.kernel.org/pub/linux/libs/pam/Linux-PAM-doc.tar.gz which seems (from what I've read so far) quite good.

Kris

-----
"Never criticize anybody until you have walked a mile in their shoes, because by that time you will be a mile away and have their shoes." -- Unknown

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
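
Added example, not part of the original message or thread: a sketch of the kind of PAM `account' module the reply describes, allowing a login only when the user's home directory lies under an allowed prefix. The policy, the module name pam_homedir.so and the "homeprefix=" argument are assumptions made for illustration; the PAM entry point is compiled only when BUILD_PAM_MODULE is defined.

```c
/* Added example, not from the thread. The policy, the module name
 * pam_homedir.so and its "homeprefix=" argument are hypothetical.
 * Build:  cc -DBUILD_PAM_MODULE -fPIC -shared -o pam_homedir.so pam_homedir.c -lpam
 * Config (/etc/pam.conf style): login account required pam_homedir.so homeprefix=/home/staff */
#include <stddef.h>
#include <string.h>

/* Return 1 if home is at or below prefix, comparing whole path components
 * so that prefix "/home/staff" does not admit "/home/staff2/eve". */
int home_under_prefix(const char *home, const char *prefix)
{
    size_t n;

    if (home == NULL || prefix == NULL || prefix[0] != '/')
        return 0;
    if (strstr(home, "/..") != NULL)        /* refuse paths that climb out */
        return 0;
    n = strlen(prefix);
    while (n > 1 && prefix[n - 1] == '/')   /* ignore trailing slashes */
        n--;
    if (strncmp(home, prefix, n) != 0)
        return 0;
    return n == 1 || home[n] == '\0' || home[n] == '/';
}

#ifdef BUILD_PAM_MODULE
#include <pwd.h>
#include <security/pam_appl.h>
#include <security/pam_modules.h>

/* Account-management hook, reached when the application calls pam_acct_mgmt(). */
int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
    const char *user = NULL;
    struct passwd *pw;
    int i;

    (void)flags;
    if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || user == NULL)
        return PAM_USER_UNKNOWN;
    if ((pw = getpwnam(user)) == NULL)
        return PAM_USER_UNKNOWN;
    for (i = 0; i < argc; i++)
        if (strncmp(argv[i], "homeprefix=", 11) == 0 &&
            home_under_prefix(pw->pw_dir, argv[i] + 11))
            return PAM_SUCCESS;
    return PAM_PERM_DENIED;                 /* no prefix matched: fail closed */
}
#endif
```

With no "homeprefix=" argument configured the module denies every login, so a misconfigured stack fails closed rather than open.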