Controlling PAM modules
Dag-Erling Smørgrav
des at des.no
Mon Sep 22 08:07:10 UTC 2008
"Ivan Grover" <ivangrvr299 at gmail.com> writes:
> Suppose i dont want to enable locking of users, then one solution i
> can think of is to share a common database across application and pam
> modules. The application sets the flag which indicates, if pam_able
> is included or not. Then pam_abl module will look into this database
> and then return simply PAM_SUCCESS always or process the user
> lockouts.
Put pam_able in a separate policy that you include in the others.
Whenever you want to disable it, just comment out the contents of that
policy.
DES
--
Dag-Erling Smørgrav - des at des.no
More information about the freebsd-security
mailing list