Controlling PAM modules
Ivan Grover
ivangrvr299 at gmail.com
Tue Sep 23 07:44:08 UTC 2008
Thanks a lot. Please corrrect if my understanding below is what you have
suggested.
create a separate service conf file such as lockout-users in /etc/pam.d,
then in my service conf file, i write like this
auth required pam_stack.so service=lockout-users
After that whenever i want to disable the lockout, just edit the
/etc/pam.d/lockout-users file
and comment as below:
#auth required pam_able.so
Best Regards,
Ivan
On Mon, Sep 22, 2008 at 1:17 PM, Dag-Erling Smørgrav <des at des.no> wrote:
> "Ivan Grover" <ivangrvr299 at gmail.com> writes:
> > Suppose i dont want to enable locking of users, then one solution i
> > can think of is to share a common database across application and pam
> > modules. The application sets the flag which indicates, if pam_able
> > is included or not. Then pam_abl module will look into this database
> > and then return simply PAM_SUCCESS always or process the user
> > lockouts.
>
> Put pam_able in a separate policy that you include in the others.
> Whenever you want to disable it, just comment out the contents of that
> policy.
>
> DES
> --
> Dag-Erling Smørgrav - des at des.no
>
More information about the freebsd-security
mailing list