On Thu, Mar 06, 2008 at 01:21:28PM -0600, Brian Cameron wrote:
> Although using least-privilege might not make sense with PAM modules, it
> does seem a good idea to try to take advantage of least privilege
> technologies when possible.
>
> Your suggestion to make it possible to configure the privileges for PAM
> modules seems like it wouldn't be a horrible idea.

PAM assumes all privileges are required. I think that's an assumption best left alone.