cvs commit: src/lib/libpam/modules/pam_unix pam_unix.8
pam_unix.c
Yar Tikhiy
yar at comp.chem.msu.su
Tue May 1 19:07:47 UTC 2007
On Mon, Apr 30, 2007 at 02:46:18PM +0100, Ceri Davies wrote:
> On Mon, Apr 30, 2007 at 05:42:28PM +0400, Yar Tikhiy wrote:
> > On Mon, Apr 30, 2007 at 02:15:04PM +0100, Ceri Davies wrote:
> > >
> > > Well, we currently have an *NP* case as per above, but not a *LK* case,
> > > so I disagree somewhat.
> >
> > Why? Now *LOCKED* in FreeBSD is nearly the same as *LK* in Solaris
> > with the only difference being that cron or at doesn't seem to care
> > about it. And a single asterisk works for us as *NP* does in
> > Solaris, although it isn't a prefix, it occupies the whole password
> > field. Did I miss anything?
>
> Well, because of the cron thing :)
If we want to propagate account locking semantics to cron and atrun,
which is a good idea IMHO, we should avoid code duplication. I
haven't yet found a suitable place in src/lib to put the check at,
but we need to find one as more checks can be done there, e.g.,
that for expired account because expired accounts shouldn't run
scheduled jobs either. Any ideas? Of course, the most obvious way
is to add the respective function to libutil, but I'm still unsure
if it's the best way.
--
Yar
More information about the cvs-src
mailing list