On 10/06/08 15:57, Glenn Faden wrote: > You could use \ for this. There are at least two places where these > files are parsed, so I'm not sure everything is consistent. The SMC has > its own parser written in Java. It is primarily used before colon, > semicolon and equal. I don't think is is necessary to escape % since it > has no existing meaning in these files.
I was wondering if we should do something to permit someone who, right now, has a configuration where auths(1) for a user returns: solaris.device.cdrw,solaris.profmgr.read,(etc),com.xyzcompany.%h which would break if we do our substitution routine (as we'd be checking for "com.xyzcompany.hostname" while the user would have "com.xyzcompany.%h"). I don't think anyone has such a configuration, but as we've not disallowed the unescaped use of "%" wanted to check if we need to find some way of dealing with it (I would say no, and just add "%" to the list of reserved characters in auth_attr(4) that need to be escaped when needed, pointing to pam_authorized(5) for the interpretation of %* components). Bart
