From: "Ivan Grover"
To: freebsd-security@freebsd.org
Date: Wed, 17 Sep 2008 17:23:06 +0530
Subject: Controlling PAM modules

Hi All,

I am trying to use a few modules such as:

pam_radius - does remote authentication
pam_abl - to lock users/IP addresses

My problem is: do I have any standard way to skip one of the PAM modules without changing the service conf file? Suppose I don't want to enable locking of users; then one solution I can think of is to share a common database across the application and the PAM modules. The application sets the flag which indicates whether pam_abl is included or not. Then the pam_abl module will look into this database and then either simply return PAM_SUCCESS always or process the user lockouts.

Please advise/comment.

Best Regards,
Ivan.
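
The flag lookup proposed in the message above, as an added example that is not part of the original post and is not pam_abl code: a one-byte flag file stands in for the shared database, and the check fails closed so that only an explicit, trusted "disabled" value skips lockout processing. The names `abl_gate`, `abl_gate_check` and the flag file format are hypothetical.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical names: abl_gate, abl_gate_check and the one-byte flag file
 * are constructed for this example and belong to neither pam_abl nor PAM. */
enum abl_gate { ABL_ENFORCE = 0, ABL_SKIP = 1 };

/*
 * Decide whether lockout processing may be skipped.
 * The flag file stands in for the shared database from the message:
 * first byte '0' means the application switched lockouts off.
 * Anything unexpected returns ABL_ENFORCE, so a missing, unreadable or
 * tampered flag can never turn lockouts off.
 */
enum abl_gate abl_gate_check(const char *flag_path, uid_t trusted_uid)
{
    struct stat st;
    char c = 0;
    enum abl_gate gate = ABL_ENFORCE;
    int fd = open(flag_path, O_RDONLY | O_NONBLOCK); /* never block on a FIFO */

    if (fd < 0)
        return ABL_ENFORCE;                 /* no flag: keep lockouts on */
    if (fstat(fd, &st) == 0 &&
        S_ISREG(st.st_mode) &&              /* regular file only */
        st.st_uid == trusted_uid &&         /* owned by the trusted account */
        (st.st_mode & (S_IWGRP | S_IWOTH)) == 0 && /* not group/world writable */
        read(fd, &c, 1) == 1 && c == '0')   /* explicit "disabled" value */
        gate = ABL_SKIP;
    close(fd);
    return gate;
}

int main(int argc, char **argv)
{
    /* Usage: ./abl_gate flagfile ; trusts only files owned by the caller. */
    if (argc != 2) {
        fprintf(stderr, "usage: %s flagfile\n", argv[0]);
        return 2;
    }
    puts(abl_gate_check(argv[1], geteuid()) == ABL_SKIP
             ? "skip lockout processing" : "enforce lockouts");
    return 0;
}
```

In a PAM module the `ABL_SKIP` result would map to returning PAM_SUCCESS without touching the lockout state, and `ABL_ENFORCE` to the normal lockout processing.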