On Mon, Oct 06, 2008 at 07:02:49PM +0200, Bart Blanquart wrote: > On 10/06/08 18:33, Nicolas Williams wrote: > >> ... pam_authorized.so.1 profile="Login to %f" > > Me too, but I'd prefer if we stored this in /etc/security/policy.conf, > > not in pam.conf module arguments. > > How would that permit per-stack authorizations, if you want to > differentiate authorizations based on the service being invoked?
But do we need per-service authorizations? If we do, then simply add a service name token (%S) to the profile configured in policy.conf(4) for pam_authorized. Anything, anything but a module argument :) Nico --
