From owner-freebsd-security@FreeBSD.ORG  Wed Sep 17 13:13:21 2008
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 18A3F106564A
	for <freebsd-security@freebsd.org>;
	Wed, 17 Sep 2008 13:13:21 +0000 (UTC)
	(envelope-from freebsd-security@dfmm.org)
Received: from dfmm.org (treehorn.dfmm.org [66.180.195.213])
	by mx1.freebsd.org (Postfix) with ESMTP id D853F8FC18
	for <freebsd-security@freebsd.org>;
	Wed, 17 Sep 2008 13:13:15 +0000 (UTC)
	(envelope-from freebsd-security@dfmm.org)
Received: (qmail 91090 invoked by uid 1000); 17 Sep 2008 12:46:34 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
	by localhost with SMTP; 17 Sep 2008 12:46:34 -0000
Date: Wed, 17 Sep 2008 05:46:34 -0700 (PDT)
From: freebsd-security@dfmm.org
X-X-Sender: jason@treehorn.dfmm.org
To: Ivan Grover <ivangrvr299@gmail.com>
In-Reply-To: <670f29e20809170453o43a2ae37sfd548de1ea7e70be@mail.gmail.com>
Message-ID: <alpine.BSF.1.00.0809170537440.20266@treehorn.dfmm.org>
References: <670f29e20809170453o43a2ae37sfd548de1ea7e70be@mail.gmail.com>
User-Agent: Alpine 1.00 (BSF 882 2007-12-20)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Cc: freebsd-security@freebsd.org
Subject: Re: Controlling PAM modules
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Sep 2008 13:13:21 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


> Do i have any standard way to skip one of the PAM module
> with out changing the service conf file.

Why do you not want to change the per-service conf files?  Those files 
_are_ the database.

There are a bunch of strategies that you could use to, e.g., maintain your 
alterations as a diff to the base-system config so to make upgrades 
easier, but a) to answer your question, no, there's nothing standard for 
that, and b) that is an especially risky approach - you could completely 
break your security, letting anyone in, or locking legitimate users out, 
etc.


   -Jason

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (FreeBSD)
Comment: See https://private.idealab.com/public/jason/jason.gpg

iD8DBQFI0PwqswXMWWtptckRAqLsAJ9taCFEPfVGwY6Rrt3qtLuHVvmNDwCfatyl
S++ho4Gf4Zl/3E6Vjkks26o=
=gGZG
-----END PGP SIGNATURE-----