Date: Tue, 23 Sep 2008 13:20:44 +0530
From: "Ivan Grover" <ivangrvr299@gmail.com>
To: "Dag-Erling Smørgrav" <des@des.no>
Cc: freebsd-security@freebsd.org
Subject: Re: Controlling PAM modules
Message-ID: <670f29e20809230050ved14880m1b5524f0f976d12d@mail.gmail.com>
In-Reply-To: <670f29e20809230044m25792007j6477399cdc4e8fd4@mail.gmail.com>
References: <670f29e20809170453o43a2ae37sfd548de1ea7e70be@mail.gmail.com> <86od2gmxke.fsf@ds4.des.no> <670f29e20809230044m25792007j6477399cdc4e8fd4@mail.gmail.com>

I think there is something like

auth include lockout-users

I feel this would be the right way to do this. Thanks ALL for your suggestions.

On Tue, Sep 23, 2008 at 1:14 PM, Ivan Grover <ivangrvr299@gmail.com> wrote:

> Thanks a lot. Please correct if my understanding below is what you have
> suggested.
>
>
> create a separate service conf file such as lockout-users in /etc/pam.d,
> then in my service conf file, I write like this
> auth required pam_stack.so service=lockout-users
>
> After that whenever I want to disable the lockout, just edit the
> /etc/pam.d/lockout-users file
> and comment as below:
>
> #auth required pam_able.so
>
>
> Best Regards,
> Ivan
>
>
> On Mon, Sep 22, 2008 at 1:17 PM, Dag-Erling Smørgrav <des@des.no> wrote:
>
>> "Ivan Grover" <ivangrvr299@gmail.com> writes:
>> > Suppose I don't want to enable locking of users, then one solution I
>> > can think of is to share a common database across application and pam
>> > modules. The application sets the flag which indicates, if pam_able
>> > is included or not. Then pam_abl module will look into this database
>> > and then return simply PAM_SUCCESS always or process the user
>> > lockouts.
>>
>> Put pam_able in a separate policy that you include in the others.
>> Whenever you want to disable it, just comment out the contents of that
>> policy.
>>
>> DES
>> --
>> Dag-Erling Smørgrav - des@des.no
>>
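
Added example, not part of the e-mail thread: a shell sketch of the toggle discussed above, which comments or uncomments the lockout rule in a separate policy file that other services include. The function names and the 0644 file mode are assumptions; the module name is the one written in the thread, and the demo runs on a constructed policy in a scratch directory rather than /etc/pam.d.

```shell
#!/bin/sh
# Added example, not from the thread. The module name is the one written in
# the thread; the policy file path is supplied by the caller.
MODULE_RE='pam_able\.so'

# lockout_state FILE -> prints "on" if any uncommented rule loads the module
lockout_state() {
    if grep -v '^[[:space:]]*#' "$1" | grep -q "$MODULE_RE"; then
        echo on
    else
        echo off
    fi
}

# set_lockout FILE on|off -> comment or uncomment the module's rule lines
set_lockout() {
    file=$1; mode=$2
    [ -f "$file" ] || { echo "no such policy: $file" >&2; return 1; }
    case $mode in
        # off: prefix '#' to active lines only, so a second run adds no '##'
        off) expr="/^[[:space:]]*#/!s/^(.*${MODULE_RE}.*)\$/#\\1/" ;;
        # on: strip '#' only from commented rule lines, not free-text comments
        on)  expr="s/^#((auth|account|session|password)[[:space:]].*${MODULE_RE}.*)\$/\\1/" ;;
        *)   echo "usage: set_lockout FILE on|off" >&2; return 2 ;;
    esac
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    # Write the edited copy first, then rename over the original so PAM never
    # reads a half-written policy. Mode 0644 is an assumption for pam.d files.
    if sed -E "$expr" "$file" >"$tmp" && chmod 644 "$tmp" && mv "$tmp" "$file"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# Constructed sample policy in a scratch directory (not /etc/pam.d).
demo_dir=$(mktemp -d)
printf '%s\n' '# lockout policy, included by other services' \
    'auth required pam_able.so' >"$demo_dir/lockout-users"
set_lockout "$demo_dir/lockout-users" off
echo "after off: $(lockout_state "$demo_dir/lockout-users")"
set_lockout "$demo_dir/lockout-users" on
echo "after on:  $(lockout_state "$demo_dir/lockout-users")"
rm -rf "$demo_dir"
```

Running `lockout_state` from a periodic check makes it visible when the lockout rule has been left commented out after a maintenance window.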