FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor


 
 
LinkBack Thread Tools
 
Old 06-01-2011, 10:43 AM
Stanisław Findeisen
 
Default pam_listfile

Hi

It looks that pam_listfile only allows to restrict *source* user set and
*not* *target* user set.

Here's the debian-user discussion:
http://lists.debian.org/debian-user/2011/05/msg02054.html

Is there any way to do what I want?

If I write a patch for pam_listfile, will you accept it to Debian? Where
is the source code?

Or maybe that should be a new PAM module?

I tried to contact guys listed in pam_listfile man page:

> AUTHOR
> pam_listfile was written by Michael K. Johnson <johnsonm@redhat.com> and Elliot Lee <sopwith@cuc.edu>.

but they seem to be bouncing (both).

--
Eisenbits - proven software solutions: http://www.eisenbits.com/
OpenPGP: E3D9 C030 88F5 D254 434C 6683 17DD 22A0 8A3B 5CC0
 
Old 06-01-2011, 02:28 PM
Josselin Mouette
 
Default pam_listfile

Le mercredi 01 juin 2011 Ã* 12:43 +0200, StanisÅ‚aw Findeisen a écrit :
> Hi
>
> It looks that pam_listfile only allows to restrict *source* user set and
> *not* *target* user set.
>
> Here's the debian-user discussion:
> http://lists.debian.org/debian-user/2011/05/msg02054.html
>
> Is there any way to do what I want?

The answer has already been given by 2 different people: use sudo.

--
.'`. Josselin Mouette
: :' :
`. `'
`-


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 1306938493.11568.225.camel@pi0307572">http://lists.debian.org/1306938493.11568.225.camel@pi0307572
 
Old 06-01-2011, 06:24 PM
Steve Langasek
 
Default pam_listfile

On Wed, Jun 01, 2011 at 12:43:46PM +0200, Stanisław Findeisen wrote:

> It looks that pam_listfile only allows to restrict *source* user set and
> *not* *target* user set.

That's not true at all. item=user *is* the target user set. (Source user
set would be the seldom-used item=ruser.)

> Here's the debian-user discussion:
> http://lists.debian.org/debian-user/2011/05/msg02054.html

> Is there any way to do what I want?

As already suggested, sudo does seem to be a better fit for what you're
trying to achieve.

pam_listfile isn't going to give you any reasonable mapping for applicant /
target user *pairs*; you only get "this list of users are allowed access to
this other list of users".

> If I write a patch for pam_listfile, will you accept it to Debian?

No. It would have to go upstream first; but I'll say that such a patch is
unlikely to be accepted.

> Where is the source code?

I think that's more of a question for debian-user anyway, but:

$ dpkg -S /lib/security/pam_listfile.so
libpam-modules: /lib/security/pam_listfile.so
$ debcheckout libpam-modules
declared bzr repository at nosmart+http://bzr.debian.org/bzr/pkg-pam/debian/sid/
bzr branch nosmart+http://bzr.debian.org/bzr/pkg-pam/debian/sid/ libpam-modules ...
[...]

> Or maybe that should be a new PAM module?

It could be. But I'm skeptical that such a module would be of widespread
interest.

--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
slangasek@ubuntu.com vorlon@debian.org
 

Thread Tools




All times are GMT. The time now is 12:07 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org