On Thu, Oct 2, 2008 at 3:50 PM, Nicolas Williams <Nicolas.Williams at sun.com> wrote:
> I like this very much, but I'd like the configuration for this module
> not to have to be specified as a module argument -- that could get
> unwieldy quick.

Agreed. I'm envisioning a server that runs a J2EE instance (fronted by a SSO enabled web server) for many apps, and has NAS and database dependencies. In order to grant login privileges to all the people that may need to log in, those with any of the following authorizations would need to be allowed to log in for various reasons.

    com.mycompany.admin.solaris
    com.mycompany.admin.backups
    com.mycompany.admin.nas
    com.mycompany.admin.oracle
    com.mycompany.admin.weblogic
    com.mycompany.admin.iws
    com.mycompany.admin.sso
    com.mycompany.admin.app.salesguru
    com.mycompany.admin.app.partyplanner
    com.mycompany.admin.app.helloworld

From the standpoint of being able to safely manage this, I would be quite a bit happier with the following as an optional way of configuring it.

    other account required pam_authorized.so.1 authsfile=/etc/MyCompany/loginauths

pam.conf is one of those files that I really like to not modify a lot because it makes life really difficult when you get it wrong.

-- 
Mike Gerdts
http://mgerdts.blogspot.com/
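
The account check proposed above, sketched as an added example (not code from this thread or from any pam_authorized implementation). The authsfile format (one authorization per line, `#` comments), the function names and the ownership check are assumptions; `holds` is a simplified model of Solaris chkauthattr(3SECDB) matching.

```python
import os
import stat
import tempfile


def load_auths(path, owner_uid=0):
    """Read the assumed authsfile format: one authorization per line, '#' comments."""
    st = os.stat(path)
    # The file now decides who may log in, so hold it to pam.conf's standard:
    # owned by the expected uid (root by default), not group/world writable.
    if st.st_uid != owner_uid or st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        raise PermissionError(f"{path}: wrong owner or group/world writable")
    with open(path) as fh:
        stripped = (line.split("#", 1)[0].strip() for line in fh)
        return [name for name in stripped if name]


def holds(granted, wanted):
    """Simplified chkauthattr-style match: exact name, or a grant ending in '*'."""
    for g in granted:
        if g == wanted:
            return True
        # A wildcard grant never covers an authorization ending in '.grant'.
        if g.endswith("*") and wanted.startswith(g[:-1]) and not wanted.endswith(".grant"):
            return True
    return False


def account_allowed(user_auths, authsfile, owner_uid=0):
    """Account-phase decision: allow if the user holds ANY listed authorization."""
    try:
        required = load_auths(authsfile, owner_uid)
    except OSError:
        return False  # missing, unreadable or unsafe file: fail closed
    return any(holds(user_auths, name) for name in required)  # empty file denies


if __name__ == "__main__":
    # Constructed sample file using two of the authorization names from the mail.
    path = os.path.join(tempfile.mkdtemp(), "loginauths")
    with open(path, "w") as fh:
        fh.write("# login authorizations\ncom.mycompany.admin.solaris\n"
                 "com.mycompany.admin.oracle\n")
    os.chmod(path, 0o644)
    me = os.getuid()  # stands in for root so the demo runs unprivileged
    print(account_allowed(["com.mycompany.admin.oracle"], path, me))
    print(account_allowed(["com.mycompany.admin.nas"], path, me))
```

Moving the list out of pam.conf makes the authsfile itself security-critical, which is why the sketch refuses a file with loose ownership or permissions and denies on any read error.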