incomplete/insufficient logic for making access decisions
Ivan Popov
pin at math.chalmers.se
Sat Mar 23 07:18:37 EST 2002
On Fri, 22 Mar 2002, Darren J Moffat wrote:
> > # Account service to use for non-PAM authentication. When using
> > # PAM auth, this is always "sshd". When using non-PAM auth (eg rsa)
> > # the configured service name is used. Can contain %a which is
> > # substituted with the auth type. Default is "sshd".
> I very strongly disagree with this. As one of the "keepers" of PAM
> at Sun (the original author) this is the wrong thing to do. Doing this
> increases the complexity of the administration.
>
> There is a better mechanism for doing this in Solaris but it is not yet
> public - we are in the process of doing this just now. I believe it
> solves the issue.
Hello Darren,
thank you for making us aware of that development.
I would appreciate if you could tell us more about it than just the fact
it is going to exist. At least the time perspective (days, weeks, months)
when more information will be available.
Best regards,
--
Ivan
More information about the openssh-unix-dev
mailing list