Controlling PAM modules

Dag-Erling Smørgrav des at des.no
Mon Sep 22 08:07:10 UTC 2008


"Ivan Grover" <ivangrvr299 at gmail.com> writes:
> Suppose i dont want to enable locking of users, then one solution i
> can think of is to share a common database across application and pam
> modules.  The application sets the flag which indicates, if pam_able
> is included or not. Then pam_abl module will look into this database
> and then return simply PAM_SUCCESS always or process the user
> lockouts.

Put pam_able in a separate policy that you include in the others.
Whenever you want to disable it, just comment out the contents of that
policy.

DES
-- 
Dag-Erling Smørgrav - des at des.no


More information about the freebsd-security mailing list