On 10/10/08 22:53, Nicolas Williams wrote:
> - The 'All' RBAC profile is changed to specify a default PAM
> configuration for all users (pam_unix_only)
As I mentioned before: "All" is not the right place to specify a
default, but thinking about it: neither is "Basic Solaris User".
We'd suddenly break logins on systems where not everyone is granted
"Basic Solaris User" while we don't have to:
we could make pam_user_policy try
user_attr(4),
prof_attr(4) for assigned profiles (and any nested profiles),
policy.conf(4) for the default profiles,
(as it does now), but then add a fall back to a policy.conf(4) parameter
that specifies a default PAM configuration.
Bart
