[nycbug-talk] PAM gurus?
spork at bway.net
Fri Aug 17 01:58:27 EDT 2007
On Wed, 15 Aug 2007, forest mars wrote:
> On 8/14/07, Charles Sprickman <spork at bway.net> wrote:
>> I see "required, sufficient, requisite, binding, optional" in the manpage,
>> but I'm lost on what "include" is or how it affects the other lines. If I
>> remove it, things work. I'm worried about just what it did though...
>> Anyone know anything about this? And do I assume "system" means direct
>> auth via the standard passwd db?
> Since your message is timestamped 19 hrs ago I'm assuming you're up to speed
> on this; include simply tells PAM to include all lines of given type from
> the configuration file given as an argument to the specified control-flag.
> It is what it says it is, an include, so that you can *WORM* your config
I must be blind, I kept looking in the "control-flag" section of the
manpage for "include", but it's up at the top:

    Entries in per-service policy files must be of one of the two forms

        function-class control-flag module-path [arguments ...]
        function-class include other-service-name

I don't want any *WORMS* though.
> As for your 'system' module, when called as your config path/file, that
> would seem like an alternate syntax for 'system-auth' which is often/usually
> paired with 'include' to call your system's default authentication rules.
In short it meant include the definition in /etc/pam.d/system.
Still looking for a good way to figure out what program calls what pam
service. Some are quite obvious, others are not, and some general pam
debugging info would be really helpful. I know there are flags for each
service, but I'd like something for the whole enchilada; i.e.: "program
foobuzz asks for auth from grobknob service".
> Forest Mars
> "In theory, theory and practice are exactly the same.
> In practice, they're completely different."
> Switch to Name.Space: http://namespace.org/switch
> Support new domains & keep free media free! Register yours today!
> -----BEGIN PGP SIGNATURE-----
> Version: PGPsdk version 1.7.1 (C) 1997-1999 Network Associates, Inc.
> and its affiliated companies. (Diffie-Helman/DSS-only version)
> -----END PGP SIGNATURE-----
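
Added example, not part of the original message: a small resolver for the two entry forms quoted from the manpage, which expands `include` lines so you can see the effective chain for a service and what removing an include would drop. The policy contents in `SAMPLE_POLICIES` are constructed for illustration and stand in for files under /etc/pam.d/; the function names are hypothetical.

```python
# Constructed sample policies keyed by service name (stand-ins for /etc/pam.d/<name>).
SAMPLE_POLICIES = {
    "system": """\
# constructed example, not a real system file
auth     sufficient  pam_opie.so        no_warn no_fake_prompts
auth     required    pam_unix.so        no_warn try_first_pass
account  required    pam_login_access.so
account  required    pam_unix.so
""",
    "sshd": """\
auth     include     system
account  required    pam_nologin.so
account  include     system
session  required    pam_permit.so
""",
}

def parse_policy(text):
    """Yield (function_class, control_or_include, target, args) per entry."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3:
            raise ValueError(f"malformed entry: {raw!r}")
        yield fields[0], fields[1], fields[2], fields[3:]

def resolve(service, function_class, policies, _stack=()):
    """Return the effective chain for one function class, expanding includes."""
    if service in _stack:
        raise ValueError("include loop: " + " -> ".join(_stack + (service,)))
    if service not in policies:
        raise KeyError(f"no policy for service {service!r}")
    chain = []
    for fc, control, target, args in parse_policy(policies[service]):
        if fc != function_class:
            continue                          # include only pulls lines of the same type
        if control == "include":
            chain += resolve(target, function_class, policies, _stack + (service,))
        else:
            chain.append((service, control, target, args))
    return chain

if __name__ == "__main__":
    for fc in ("auth", "account", "session"):
        print(fc)
        for origin, control, module, args in resolve("sshd", fc, SAMPLE_POLICIES):
            print(f"  {control:<11}{module:<22}{' '.join(args)}  (from {origin})")
```
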