| 1 |
frank goossens writes: |
| 2 |
> hello list; |
| 3 |
> while running etc-update after emerging pam-login-3.14, i noticed that the |
| 4 |
> line: |
| 5 |
> |
| 6 |
> account required /lib/security/pam_access.so |
| 7 |
> |
| 8 |
> is to be removed from /etc/pam.d/login. as i am using a non-default |
| 9 |
> /etc/security/access.conf, this would remove a number of restrictions from |
| 10 |
> my system. |
| 11 |
|
| 12 |
At least on my instalation, it seems that the /etc/pam.d/system-auth |
| 13 |
file takes care of all system authentication, and the other pam files |
| 14 |
only include it through pam_stack.so. Therefore, at least for most |
| 15 |
purposes, the only place you would need to enable pam_access would |
| 16 |
be in /etc/pam.d/system-auth. |
| 17 |
|
| 18 |
So my guess is that since /etc/pam.d/login includes |
| 19 |
/etc/pam.d/system-auth via pam_stack, it is unnecessary to enable |
| 20 |
pam_access.conf explicitly there, so it might have been removed |
| 21 |
for consistency, but without altering behavior. |
| 22 |
|
| 23 |
Bruno T. C. de Oliveira |
| 24 |
GNU/Linux network, Univerdade de São Paulo - Brazil |
| 25 |
btco@×××××××××××××.br |
| 26 |
|
| 27 |
|
| 28 |
-- |
| 29 |
gentoo-security@g.o mailing list |
Archives