[nycbug-talk] PAM gurus?

Charles Sprickman spork at bway.net
Fri Aug 17 01:58:27 EDT 2007

On Wed, 15 Aug 2007, forest  mars wrote:

> On 8/14/07, Charles Sprickman <spork at bway.net> wrote:
> I see "required, sufficient, requisite, binding, optional" in the manpage,
>> but I'm lost on what "include" is or how it affects the other lines.  If I
>> remove it, things work.  I'm worried about just what it did though...
>> Anyone know anything about this?  And do I assume "system" means direct
>> auth via the standard passwd db?

> Since your message is timestamped 19 hrs ago I'm assuming you're up to speed
> on this; include simply tells PAM to include all lines of given type from
> the configuration file given as an argument to the specified control-flag.
> It is what it says it is, an include, so that you can *WORM* your config
> info.

I must be blind, I kept looking in the "control-flag" section of the 
manpage for "include", but it's up at the top:

      Entries in per-service policy files must be of one of the two forms

            function-class control-flag module-path [arguments ...]
            function-class include other-service-name

I don't want any *WORMS* though.

> As for your 'system' module, when called as your config path/file, that
> would seem like an alternate syntax for 'system-auth' which is often/usually
> paired with 'include' to call your system's default authentication rules.

In short it meant include the definition in /etc/pam.d/system

Still looking for a good way to figure out what program calls what pam 
service.  Some are quite obvious, others are not, and some general pam 
debugging info would be really helpful.  I know there are flags for each 
service, but I'd like something for the whole enchilada; ie:  "program 
foobuzz asks for auth from grobknob service".



> hth,
> Forest Mars
> -- 
> "In theory, theory and practice are exactly the same.
> In practice, they're completely different."
> ------------------------------------------------------------------
> Switch to Name.Space: http://namespace.org/switch
> Support new domains & keep free media free! Register yours today!
> https://secure.name-space.com/registry
> Version: PGPsdk version 1.7.1 (C) 1997-1999 Network Associates, Inc.
> and its affiliated companies. (Diffie-Helman/DSS-only version)
> iQA/AwUBRkjTLDbz7LySoccvEQJDcQCguZZj4M4kOVOlOX4CtbgR0rppsdovAjra
> 3RRXIlkdzuYI0YJz4WyvKlTn
> =MLhk

More information about the talk mailing list