Jason King wrote:
> As a potential follow on feature (i.e. sometime in the future), what
> about being able to store the list of authorizations for the server in
> NIS or LDAP?

I'd rather do it now if this is an important feature but only if we can do this without inventing a new schema (or extending an existing one). Part of the reason for including the variable expansion was to allow for this type of configuration.

See my other reply where I mentioned having an RBAC profile to store the list of auths. I believe that would help solve this since the profile can be stored in files, NIS, NIS+, LDAP. That should mean that the only config you have to do on a host is specify the name of the RBAC profile as a module argument to pam_authorized and the rest of the policy can be in the nameservice.

--
Darren J Moffat