incomplete/insufficient logic for making access decisions

Ivan Popov pin at math.chalmers.se
Sat Mar 23 07:18:37 EST 2002


On Fri, 22 Mar 2002, Darren J Moffat wrote:

> >     # Account service to use for non-PAM authentication.  When using
> >     # PAM auth, this is always "sshd".  When using non-PAM auth (eg rsa)
> >     # the configured service name is used.  Can contain %a which is
> >     # substituted with the auth type.  Default is "sshd".

> I very strongly disagree with this.  As one of the "keepers" of PAM
> at Sun (the original author) this is the wrong thing to do.  Doing this
> increases the complexity of the administration.
>
> There is a better mechanism for doing this in Solaris but it is not yet
> public - we are in the process of doing this just now.  I believe it
> solves the issue.

Hello Darren,

thank you for making us aware of that development.

I would appreciate it if you could tell us more about it than just the fact
it is going to exist. At least the time perspective (days, weeks, months)
when more information will be available.

Best regards,
--
Ivan




More information about the openssh-unix-dev mailing list