Date: Mon, 22 Sep 2008 09:47:29 +0200 From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no> To: "Ivan Grover" <ivangrvr299@gmail.com> Cc: freebsd-security@freebsd.org Subject: Re: Controlling PAM modules Message-ID: <86od2gmxke.fsf@ds4.des.no> In-Reply-To: <670f29e20809170453o43a2ae37sfd548de1ea7e70be@mail.gmail.com> (Ivan Grover's message of "Wed, 17 Sep 2008 17:23:06 %2B0530") References: <670f29e20809170453o43a2ae37sfd548de1ea7e70be@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
"Ivan Grover" <ivangrvr299@gmail.com> writes: > Suppose i dont want to enable locking of users, then one solution i > can think of is to share a common database across application and pam > modules. The application sets the flag which indicates, if pam_able > is included or not. Then pam_abl module will look into this database > and then return simply PAM_SUCCESS always or process the user > lockouts. Put pam_able in a separate policy that you include in the others. Whenever you want to disable it, just comment out the contents of that policy. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86od2gmxke.fsf>