Nicolas Williams writes:
> And no, you don't have to edit a database, at least not for the files
> backend.  You may have to edit /etc/security/policy.conf(4), but only
> once.  And even better, we may provide better interfaces for PAM
> configuration than $EDITOR (kclient(1M) already does, imagine us
> extending that into a single, simple utility).

Neither policy.conf nor pam.conf (as far as I can tell) can be
controlled centrally in any convenient way, so if I want to impose
rules on a large organization, I have to choose among:

  - setting the file contents via jumpstart post-install
  - creating custom install media
  - telling all users how to become root and hack these files
  - going old-school with rdist as root

I think that's the complaint -- having to change a file on every
single machine, rather than having some central way to control policy.

-- 
James Carlson, Solaris Networking              <james.d.carlson at sun.com>
Sun Microsystems / 35 Network Drive        71.232W   Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757   42.496N   Fax +1 781 442 1677
