From owner-cvs-all  Thu Mar  7  2:20:48 2002
Delivered-To: cvs-all@freebsd.org
Received: from storm.FreeBSD.org.uk (storm.FreeBSD.org.uk [194.242.139.170])
	by hub.freebsd.org (Postfix) with ESMTP
	id 5D99C37B404; Thu,  7 Mar 2002 02:20:38 -0800 (PST)
Received: (from uucp@localhost)
	by storm.FreeBSD.org.uk (8.11.6/8.11.6) with UUCP id g27AKar51076;
	Thu, 7 Mar 2002 10:20:36 GMT
	(envelope-from mark@grimreaper.grondar.za)
Received: from grimreaper (localhost [127.0.0.1])
	by grimreaper.grondar.org (8.12.2/8.12.2) with ESMTP id g27AHBRV008209;
	Thu, 7 Mar 2002 10:17:11 GMT
	(envelope-from mark@grimreaper.grondar.za)
Message-Id: <200203071017.g27AHBRV008209@grimreaper.grondar.org>
To: "Brian F. Feldman" <green@FreeBSD.org>
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/lib/libpam/modules modules.inc src/lib/libpam/modules/pam_alreadyloggedin Makefile pam_alreadyloggedin.8 pam_alreadyloggedin.c 
References: <200203070015.g270F4A43670@green.bikeshed.org> 
In-Reply-To: <200203070015.g270F4A43670@green.bikeshed.org> ; from "Brian F. Feldman" <green@FreeBSD.org>  "Wed, 06 Mar 2002 19:15:04 EST."
Date: Thu, 07 Mar 2002 10:17:11 +0000
From: Mark Murray <mark@grondar.za>
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG

> Mark Murray <mark@grondar.za> wrote:
> > I suspect that the pam_self module should take the responsibility
> > for doing what this does, probably with the assistance of some
> > appropriate options.
> 
> I'm not sure; I think it's probably worth keeping them logically separate 
> since they don't perform very similar actions, although they allow a
> somewhat similar policy to be implemented.

The actions are not as important (in this case) as the policy. Remember
that PAM is a policy tool, and the more you can bundle appropriate
policy together for the sysadmin, the easier you make her life. :-)

> > I have a (minor) problem with the name; it's too clumsy.
> 
> Yeah, but I would like to know of a better one (without just moving the 
> ugliness to the name of the option used ;)  Thanks for checking it out!

pam_self ;-)

Seriously, pam_loggedin is already better, but still too clumsy (but
not as clumsy as before).

(free association mode: pam_connected; pam_on; pam_live; pam_active;
pam_authenticated - of these, I dislike pam_active the least)

M
-- 
o       Mark Murray
\_
O.\_    Warning: this .sig is umop ap!sdn

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message