On 10/08/08 17:35, Nicolas Williams wrote:
> Yes, we're going to need to update pam_eval() to search relative config
> name paths not just in /usr/lib/security, but also some other place
> where customers can place their snippets.  I don't know that /etc/pam.d
> is a good idea for that (since it has the semantic that file names in
> there are service names too), but I'd live with that.

/etc/security/pam ?

Putting snippets in pam.d works fine until there's a naming clash 
between a snippet and a service, so I think it better to avoid that.

> Should I post an update to PSARC/2005/275 about this, or do it later?

If/when you post the update: would you consider adding a policy.conf 
PAM_POLICY (later to be replaced by a host_attr(4) key-value pair) 
default, for those users where no per-user pam_policy exists?

(As that offers one big toggle to switch over every user, including the 
special cases that don't get Basic Solaris User or a site equivalent.)

Bart
