Mike Gerdts wrote:
> On Thu, Mar 6, 2008 at 7:03 AM, Darren J Moffat <Darren.Moffat at sun.com>
> wrote:
>> What other PAM modules (from Linux-PAM or other places) would you like
>> to see included in OpenSolaris distros (specifically in Solaris Express
>> and the Indiana project distro) ?
>
> Not so much a module, but an approach...
>
> If Sun, an ISV, or an IT department delivers a new service that uses
> PAM authentication, things get really ugly if they can't live with
> what the "other" PAM service provides because modifying pam.conf is
> tricky from a scripting point of view. In the world of IPS,
> postinstall scripts won't exist and I'm not optimistic about IPS doing
> the right thing for delivering PAM configuration.
>
> I would like to see each service (cron, krlogin, krsh, other, ...,
> rsh) have its own file in /etc/pam.d. The @include directive offered
> by Linux-PAM is a nice touch as well.
I agree and I've looked at this in the past. IPS might just be the
motivator for us to do this because I DETEST touching or reviewing
i.pamconf changes.
As for the include directive we have that already from pam.conf(4)
include Process the lines from the PAM configuration
file that is specified in the module_path at
this point in the PAM stack. The ``other''
keyword is used if the specified service_name
is not found. 32 levels of included PAM confi-
guration files are supported. Any options are
ignored.
--
Darren J Moffat
