[nycbug-talk] PAM gurus?

[Charles Sprickman]

Hi all,

I'm having some issues getting telnet + pam_mysql playing well together. 
If I connect to the host with a modern telnet client with SRA auth, all is 
well.  If I use a standard telnet client, the pam auth fails.  What I 
think is happening is that with SRA auth, telnetd is doing the auth (ie: 
/etc/pam.d/telnetd pam config applies).  But when SRA is not being used, 
the login tasks are passed to /bin/login.  I'm trying to get the 
/etc/pam.d/login pam setup right, but the default config has an option 
that I'm not finding in the Free/NetBSD PAM handbooks/manpages.

# auth
auth            required        pam_nologin.so          no_warn
auth            sufficient      pam_self.so             no_warn
-->>auth            include         system
auth            required        pam_mysql.so            host=...

I see "required, sufficient, requisite, binding, optional" in the manpage, 
but I'm lost on what "include" is or how it affects the other lines.  If I 
remove it, things work.  I'm worried about just what it did though...

Anyone know anything about this?  And do I assume "system" means direct 
auth via the standard passwd db?

Thanks,

Charles

___
Charles Sprickman
NetEng/SysAdmin
Bway.net - New York's Best Internet - www.bway.net
spork at bway.net - 212.655.9344