From owner-freebsd-hackers Wed Jun 23 21:15: 6 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from adelphi.physics.adelaide.edu.au (adelphi.physics.adelaide.edu.au [129.127.36.247]) by hub.freebsd.org (Postfix) with ESMTP id 3D94A14CAA for ; Wed, 23 Jun 1999 21:15:03 -0700 (PDT) (envelope-from kkennawa@physics.adelaide.edu.au)
Received: from bragg (bragg [129.127.36.34]) by adelphi.physics.adelaide.edu.au (8.8.8/8.8.8/UofA-1.5) with SMTP id NAA27622; Thu, 24 Jun 1999 13:44:59 +0930 (CST)
Received: from localhost by bragg; (5.65/1.1.8.2/05Aug95-0227PM) id AA02269; Thu, 24 Jun 1999 13:43:10 +0930
Date: Thu, 24 Jun 1999 13:43:09 +0930 (CST)
From: Kris Kennaway
X-Sender: kkennawa@bragg
To: "John W. DeBoskey"
Cc: freebsd-hackers@freebsd.org
Subject: Re: Login validation by home directory location (PAM?)
In-Reply-To: <199906240404.AAA34801@bb01f39.unx.sas.com>
Message-Id:
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Thu, 24 Jun 1999, John W. DeBoskey wrote:

> There must be a better way of doing this, but I don't see
> how. I've looked at PAM, but I don't understand how I could make
> this type of facility work except maybe in the pam_authenticate()
> routine. However, this seems complicated compared to simply
> modifying auth_traditional().

Disclaimer: I'm only just reading about how PAM works, I haven't written any PAM modules.

This sounds like a job for a PAM `account' module: these permit access to resources based on non-authentication mechanisms (such as time of day, whether you're on the system console or on the network, etc). It shouldn't be too difficult to write a module to permit/deny logins based on machine name and the user home directory, or whatever. PAM being modular, you would just insert this module into the relevant resource access stack in the config file.

Check out the Linux-PAM documentation at http://www.au.kernel.org/pub/linux/libs/pam/Linux-PAM-doc.tar.gz which seems (from what I've read so far) quite good.

Kris

-----
"Never criticize anybody until you have walked a mile in their shoes,
because by that time you will be a mile away and have their shoes."
    -- Unknown
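
A sketch of the kind of account module suggested in the message above, as an added example that is not part of the original post or of any PAM distribution. The module name pam_homedir, its prefix= option and the BUILD_PAM_MODULE build flag are assumptions, and it covers only the home-directory check, not the machine-name one.

```c
/* Added example. cc -shared -fPIC -DBUILD_PAM_MODULE pam_homedir.c -o pam_homedir.so -lpam
 * Hypothetical stack entry: account required pam_homedir.so prefix=/home/local */
#include <string.h>

/* 1 if home is prefix itself or lies below it on a path-component boundary. */
int home_under_prefix(const char *home, const char *prefix)
{
    const char *p;
    size_t n;
    if (home == NULL || prefix == NULL || prefix[0] != '/')
        return 0;
    /* Refuse ".." components, which could climb back out of the prefix. */
    for (p = home; (p = strstr(p, "/..")) != NULL; p += 3)
        if (p[3] == '/' || p[3] == '\0')
            return 0;
    n = strlen(prefix);
    while (n > 1 && prefix[n - 1] == '/')  /* ignore trailing slashes */
        n--;
    if (strncmp(home, prefix, n) != 0)
        return 0;
    /* /home/local must not admit /home/localevil. */
    return n == 1 || home[n] == '/' || home[n] == '\0';
}

#ifdef BUILD_PAM_MODULE
#include <pwd.h>
#include <security/pam_appl.h>
#include <security/pam_modules.h>

/* Account-management hook: runs after authentication, decides access only. */
int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
    const char *user = NULL, *prefix = NULL;
    struct passwd *pw;
    int i;
    (void)flags;
    for (i = 0; i < argc; i++)
        if (strncmp(argv[i], "prefix=", 7) == 0)
            prefix = argv[i] + 7;
    if (prefix == NULL)
        return PAM_SERVICE_ERR;  /* fail closed when misconfigured */
    if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || user == NULL)
        return PAM_USER_UNKNOWN;
    if ((pw = getpwnam(user)) == NULL)
        return PAM_USER_UNKNOWN;
    return home_under_prefix(pw->pw_dir, prefix) ? PAM_SUCCESS : PAM_PERM_DENIED;
}
#endif
```

Without -DBUILD_PAM_MODULE only the path check is compiled, so it can be unit-tested on a machine that has no PAM headers installed.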