Re: Controlling PAM modules

I think there is something like

auth include lockout-users

I feel this would be the right way to do this. Thanks ALL for your suggestions.

On Tue, Sep 23, 2008 at 1:14 PM, Ivan Grover <ivangrvr299@xxxxxxxxx> wrote:

Thanks a lot. Please corrrect if my understanding below is what you have

create a separate service conf file such as lockout-users in /etc/pam.d,
then in my service conf file, i write like this
auth required service=lockout-users

After that whenever i want to disable the lockout, just edit the
/etc/pam.d/lockout-users file
and comment as below:

#auth required

Best Regards,

On Mon, Sep 22, 2008 at 1:17 PM, Dag-Erling Smørgrav <des@xxxxxx> wrote:

"Ivan Grover" <ivangrvr299@xxxxxxxxx> writes:
Suppose i dont want to enable locking of users, then one solution i
can think of is to share a common database across application and pam
modules. The application sets the flag which indicates, if pam_able
is included or not. Then pam_abl module will look into this database
and then return simply PAM_SUCCESS always or process the user

Put pam_able in a separate policy that you include in the others.
Whenever you want to disable it, just comment out the contents of that

Dag-Erling Smørgrav - des@xxxxxx

freebsd-security@xxxxxxxxxxx mailing list
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"