On Wed, Oct 20, 2004 at 07:55:00AM -0400, Michael Stone wrote: > Well, it is assumed that running a pam module will have some side effect > aside from returning PAM_SUCCESS or PAM_ERR. The fin/rst stuff isn't > possible, but just holding the connection open can easily achived by > running sleep(3) in the pam module.
Yes, it looks like an easy solution, but remembering the ip connection count, to calculate the sleeptime, should be taken inside the application and not inside the module, IMHO. Using PAM as bridge to an connection tracking daemon isn't a perfect design, and should be better replaced by an library, to put it away from PAM. -- Martin Reising mailaddress see header natural computing GmbH http://www.natural-computing.de/ Martener Str. 535 Phone: +49 231 6104850 44379 Dortmund Fax: +49 231 6104840
signature.asc
Description: Digital signature
