Bart Blanquart wrote:
> On 10/06/08 18:33, Nicolas Williams wrote:
>
>>> ... pam_authorized.so.1 profile="Login to %f"
>>>
>> Me too, but I'd prefer if we stored this in /etc/security/policy.conf,
>> not in pam.conf module arguments.
>>
>
> How would that permit per-stack authorizations, if you want to
> differentiate authorizations based on the service being invoked?
>
I agree that for adding new services with custom authorizations it
should be possible to do per-service which really means pam.conf should
work. But similar to other entries in the policy.conf the policy.conf
entry could be the default (or minimum) for pam_authorized with no
arguments, so one could normally avoid changing the stacks of shipped
services unless specifically differentiating one of them from the rest.
-Will
> Bart
> _______________________________________________
> security-discuss mailing list
> security-discuss at opensolaris.org
>
