You might argue that these are really 3 different modes of operation and they should belong in 3 different PAM modules. But on some Linux systems at least this is all done by a single PAM module that figures out which of those 3 things to do based on the situation.
What does Linux have to do with it? I had a module which worked on Linux and Solaris in 1998 or so... which handled all 3 cases, but did not honor env, though I suppose with the relevant checks you could avoid the attack I was concerned about... which at this point I no longer even remember the details of.
_______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
