Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 17 Sep 2008 17:23:06 +0530
From:      "Ivan Grover" <ivangrvr299@gmail.com>
To:        freebsd-security@freebsd.org
Subject:   Controlling PAM modules
Message-ID:  <670f29e20809170453o43a2ae37sfd548de1ea7e70be@mail.gmail.com>

next in thread | raw e-mail | index | archive | help
Hi All,
I am trying to use few modules such as
pam_radius - does remote authentication
pam_abl - to lock users/ IP addresses

My Problem is , Do i have any standard way to skip one of the PAM module
with out changing the service conf file.
Suppose i dont want to enable locking of users, then one solution i can
think of is to share a common database across application and pam modules.
The application sets the flag which indicates, if pam_able is included or
not. Then pam_abl module will look into this database and then return simply
PAM_SUCCESS always or process the user lockouts.

Please advise/comment

Best Regards,
Ivan.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?670f29e20809170453o43a2ae37sfd548de1ea7e70be>