Controlling PAM modules

Ivan Grover ivangrvr299 at gmail.com
Tue Sep 23 07:50:46 UTC 2008


I think there is something like


auth     include        lockout-users

I feel this would be the right way to do this. Thanks ALL for your suggestions.


On Tue, Sep 23, 2008 at 1:14 PM, Ivan Grover <ivangrvr299 at gmail.com> wrote:

> Thanks a lot. Please correct if my understanding below is what you have
> suggested.
>
>
> create a separate service conf file such as lockout-users in /etc/pam.d,
> then in my service conf file, I write like this
> auth       required     pam_stack.so service=lockout-users
>
> After that whenever I want to disable the lockout, just edit the
> /etc/pam.d/lockout-users file
> and comment as below:
>
> #auth       required     pam_able.so
>
>
> Best Regards,
> Ivan
>
>
> On Mon, Sep 22, 2008 at 1:17 PM, Dag-Erling Smørgrav <des at des.no> wrote:
>
>> "Ivan Grover" <ivangrvr299 at gmail.com> writes:
>> > Suppose I don't want to enable locking of users, then one solution I
>> > can think of is to share a common database across application and pam
>> > modules.  The application sets the flag which indicates, if pam_able
>> > is included or not. Then pam_abl module will look into this database
>> > and then return simply PAM_SUCCESS always or process the user
>> > lockouts.
>>
>> Put pam_able in a separate policy that you include in the others.
>> Whenever you want to disable it, just comment out the contents of that
>> policy.
>>
>> DES
>> --
>> Dag-Erling Smørgrav - des at des.no
>>
>
>
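
Added example, not part of the thread or of any project's own code: a small sh helper for the approach discussed above, toggling the rules in the included policy file (`/etc/pam.d/lockout-users` in the thread) without hand-editing it. The `#lockout-off# ` marker, the function names and the sample file contents in `demo` are assumptions made for illustration.

```shell
#!/bin/sh
# Toggle every rule in an included PAM policy file.
# MARK tags the lines this script commented out, so ordinary comments in
# the file are never turned back into live rules on re-enable.
MARK='#lockout-off# '

# lockout_status FILE: print "enabled" if any live (uncommented) rule exists.
lockout_status() {
    if grep -Eq '^[[:space:]]*[^#[:space:]]' "$1"; then
        echo enabled
    else
        echo disabled
    fi
}

# lockout_disable FILE: comment out each live rule, prefixing it with MARK.
# The edit goes to a temp file in the same directory and is renamed into
# place, so a login never reads a half-written policy.
lockout_disable() {
    tmp=$(mktemp "$1.XXXXXX") || return 1
    sed -E "s/^([[:space:]]*[^#[:space:]])/${MARK}\1/" "$1" > "$tmp" &&
        chmod 644 "$tmp" && mv "$tmp" "$1"
}

# lockout_enable FILE: restore only the lines that carry MARK.
lockout_enable() {
    tmp=$(mktemp "$1.XXXXXX") || return 1
    sed "s/^${MARK}//" "$1" > "$tmp" &&
        chmod 644 "$tmp" && mv "$tmp" "$1"
}

# demo: run both directions on a constructed copy of the policy file.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '# lockout policy (constructed sample)' \
        'auth       required     pam_able.so' > "$dir/lockout-users"
    lockout_disable "$dir/lockout-users"; lockout_status "$dir/lockout-users"
    lockout_enable "$dir/lockout-users"; lockout_status "$dir/lockout-users"
    rm -rf "$dir"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Both `lockout_disable` and `lockout_enable` are idempotent: lines that are already commented, or that do not carry the marker, are left unchanged.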


More information about the freebsd-security mailing list