headers
Andy Armstrong | 6 Sep 2006 12:17
Gravatar

A volunteer to maintain pam_abl?

I haven't done anything with pam_abl for months and it doesn't look  
as if I'm going to have time to do anything to it in the near future.  
Is there anyone who might like to volunteer to maintain it?

The main outstanding task I'm aware of is trying to get it working on  
64 bit systems. I don't imagine that will be difficult - but I have  
no time to look at it.

--

-- 
Andy Armstrong, hexten.net
Permalink | Reply | 4 comments |
headers
nipun vyas | 6 Sep 2006 16:26
Picon
Favicon

Re: A volunteer to maintain pam_abl?

hi andy
i m ready to take up the work but only if you can guide me through it
nipun vyas


Andy Armstrong <andy <at> hexten.net> wrote:

I haven't done anything with pam_abl for months and it doesn't look
as if I'm going to have time to do anything to it in the near future.
Is there anyone who might like to volunteer to maintain it?

The main outstanding task I'm aware of is trying to get it working on
64 bit systems. I don't imagine that will be difficult - but I have
no time to look at it.

--
Andy Armstrong, hexten.net

_______________________________________________
Pam-list mailing list
Pam-list <at> redhat.com
https://www.redhat.com/mailman/listinfo/pam-list

Here's a new way to find what you're looking for - Yahoo! Answers
Send FREE SMS to your friend's mobile from Yahoo! Messenger Version 8. Get it NOW 
_______________________________________________
Pam-list mailing list
Pam-list <at> redhat.com
https://www.redhat.com/mailman/listinfo/pam-list
Permalink | Reply | 3 comments |
headers
Andy Armstrong | 6 Sep 2006 16:30
Gravatar

Re: A volunteer to maintain pam_abl?

On 6 Sep 2006, at 15:26, nipun vyas wrote:
> hi andy
> i m ready to take up the work but only if you can guide me through it
> nipun vyas

Splendid, thanks :)

Well pretty much all I know is that it doesn't work as expected on 64  
bit systems. Do you have access to such a system for testing?

--

-- 
Andy Armstrong, hexten.net
Permalink | Reply | 2 comments |
headers
seth vidal | 6 Sep 2006 20:24

pam_access and a .d directory

Hi,
 On our systems we use pam_access quite extensively. We have a base-set
of rules we apply to every server and then some servers require special
rules. We'd love to be able to use something like:

/etc/security/access.conf <-- default rules
/etc/security/access.conf.d/*.conf <-- additional rules concatenated
onto the end of the whole set.

Just like with all the other .d directory changes it would allow us to
drop a file onto the system to let that work w/o having to modify the
access.conf itself.

So my questions are:
 1. is there some way of doing the above currently that I've just missed
in the docs and the source?
 2. if a patch came to the list to do this would it have any chance of
being accepted? I don't know if the pam leads have anything against .d
configuration structures or not so I didn't want to waste anyone's time,
if so.

Thanks!
-sv
Permalink | Reply | 4 comments |
headers
Thorsten Kukuk | 6 Sep 2006 20:26
Picon

Re: pam_access and a .d directory

On Wed, Sep 06, seth vidal wrote:

> Hi,
>  On our systems we use pam_access quite extensively. We have a base-set
> of rules we apply to every server and then some servers require special
> rules. We'd love to be able to use something like:
> 
> /etc/security/access.conf <-- default rules
> /etc/security/access.conf.d/*.conf <-- additional rules concatenated
> onto the end of the whole set.
> 
> Just like with all the other .d directory changes it would allow us to
> drop a file onto the system to let that work w/o having to modify the
> access.conf itself.

The problem is: the order is important, the first matched rule 
found will be used. with a .d directory, you don't have this
control anymore and you can get bad side effects, depending on at
which time which files are created.

  Thorsten

--

-- 
Thorsten Kukuk         http://www.suse.de/~kukuk/      kukuk <at> suse.de
SUSE LINUX Products GmbH       Maxfeldstr. 5       D-90409 Nuernberg
--------------------------------------------------------------------    
Key fingerprint = 8C6B FD92 EE0F 42ED F91A  6A73 6D1A 7F05 2E59 24BB
Permalink | Reply | 3 comments |
headers
seth vidal | 6 Sep 2006 20:40

Re: pam_access and a .d directory

On Wed, 2006-09-06 at 20:26 +0200, Thorsten Kukuk wrote:
> On Wed, Sep 06, seth vidal wrote:
> 
> > Hi,
> >  On our systems we use pam_access quite extensively. We have a base-set
> > of rules we apply to every server and then some servers require special
> > rules. We'd love to be able to use something like:
> > 
> > /etc/security/access.conf <-- default rules
> > /etc/security/access.conf.d/*.conf <-- additional rules concatenated
> > onto the end of the whole set.
> > 
> > Just like with all the other .d directory changes it would allow us to
> > drop a file onto the system to let that work w/o having to modify the
> > access.conf itself.
> 
> The problem is: the order is important, the first matched rule 
> found will be used. with a .d directory, you don't have this
> control anymore and you can get bad side effects, depending on at
> which time which files are created.

Sure - just like with all other .d files - you have to do tricks to make
sure they  are loaded in the right order, certainly.

I don't think this is much different than the .d configs used for apache
or even /etc/profile.d/


-sv
Permalink | Reply | 0 comments |
headers
nipun vyas | 7 Sep 2006 07:04
Picon
Favicon

Re: A volunteer to maintain pam_abl?

hi,
access even i don't have
nipun

Andy Armstrong <andy <at> hexten.net> wrote:

On 6 Sep 2006, at 15:26, nipun vyas wrote:
> hi andy
> i m ready to take up the work but only if you can guide me through it
> nipun vyas

Splendid, thanks :)

Well pretty much all I know is that it doesn't work as expected on 64
bit systems. Do you have access to such a system for testing?

--
Andy Armstrong, hexten.net

_______________________________________________
Pam-list mailing list
Pam-list <at> redhat.com
https://www.redhat.com/mailman/listinfo/pam-list

Here's a new way to find what you're looking for - Yahoo! Answers
Send FREE SMS to your friend's mobile from Yahoo! Messenger Version 8. Get it NOW 
_______________________________________________
Pam-list mailing list
Pam-list <at> redhat.com
https://www.redhat.com/mailman/listinfo/pam-list
Permalink | Reply | 1 comment |
headers
Tomas Mraz | 7 Sep 2006 10:58
Picon
Favicon

Re: pam_access and a .d directory

On Wed, 2006-09-06 at 20:26 +0200, Thorsten Kukuk wrote:
> On Wed, Sep 06, seth vidal wrote:
> 
> > Hi,
> >  On our systems we use pam_access quite extensively. We have a base-set
> > of rules we apply to every server and then some servers require special
> > rules. We'd love to be able to use something like:
> > 
> > /etc/security/access.conf <-- default rules
> > /etc/security/access.conf.d/*.conf <-- additional rules concatenated
> > onto the end of the whole set.
> > 
> > Just like with all the other .d directory changes it would allow us to
> > drop a file onto the system to let that work w/o having to modify the
> > access.conf itself.
> 
> The problem is: the order is important, the first matched rule 
> found will be used. with a .d directory, you don't have this
> control anymore and you can get bad side effects, depending on at
> which time which files are created.

glob() returns found matches in sorted order, although LC_COLLATE should
be set to "C" temporarily, so the sorting order doesn't depend on
locale.

--

-- 
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
Permalink | Reply | 1 comment |
headers
Andy Armstrong | 7 Sep 2006 12:06
Gravatar

Re: A volunteer to maintain pam_abl?

On 7 Sep 2006, at 06:04, nipun vyas wrote:
> hi,
> access even i don't have
> nipun

?

--

-- 
Andy Armstrong, hexten.net
Permalink | Reply | 0 comments |
headers
Thorsten Kukuk | 7 Sep 2006 13:57
Picon

Linux-PAM 0.99.6.3 released


Hello,

The Linux-PAM developement team is pleased to announce the release
of version 0.99.6.3.

This release fixes mainly bugs when compiling with an older toolchain
and adds a new module: pam_loginuid.so.

Release 0.99.6.3

* pam_loginuid: New PAM module.
* pam_access, pam_succeed_if: Support passwd and session services.

 Your Linux-PAM development team

--

-- 
Thorsten Kukuk         http://www.suse.de/~kukuk/      kukuk <at> suse.de
SUSE LINUX Products GmbH       Maxfeldstr. 5       D-90409 Nuernberg
--------------------------------------------------------------------    
Key fingerprint = 8C6B FD92 EE0F 42ED F91A  6A73 6D1A 7F05 2E59 24BB
Permalink | Reply | 0 comments |

Gmane