On Thu, Mar 6, 2008 at 7:03 AM, Darren J Moffat <Darren.Moffat at sun.com> wrote: > What other PAM modules (from Linux-PAM or other places) would you like > to see included in OpenSolaris distros (specifically in Solaris Express > and the Indiana project distro) ?
Not so much a module, but an approach... If Sun, an ISV, or an IT department delivers a new service that uses PAM authentication, things get really ugly if they can't live with what the "other" PAM service provides because modifying pam.conf is tricky from a scripting point of view. In the world of IPS, postinstall scripts won't exist and I'm not optimistic about IPS doing the right thing for delivering PAM configuration. I would like to see each service (cron, krlogin, krsh, other, ..., rsh) have its own file in /etc/pam.d. The @include directive offered by Linux-PAM is a nice touch as well. On Ubuntu 7.10: $ ls /etc/pam.d atd common-account common-session other ssh vmware-guestd chfn common-auth cron passwd su chsh common-password login ppp sudo $ cat /etc/pam.d/other # # /etc/pam.d/other - specify the PAM fallback behaviour # # Note that this file is used for any unspecified service; for example #if /etc/pam.d/cron specifies no session modules but cron calls #pam_open_session, the session module out of /etc/pam.d/other is #used. If you really want nothing to happen then use pam_permit.so or #pam_deny.so as appropriate. # We fall back to the system default in /etc/pam.d/common-* # @include common-auth @include common-account @include common-password @include common-session $ cat /etc/pam.d/cron # # The PAM configuration file for the cron daemon # @include common-auth auth required pam_env.so @include common-account @include common-session # Sets up user limits, please define limits for cron tasks # through /etc/security/limits.conf session required pam_limits.so -- Mike Gerdts http://mgerdts.blogspot.com/
