[OpenAFS-devel] Re: new features for pam_afs

[Carsten Jacobi]

On Thu, Aug 30, 2001 at 10:00:44AM -0400, Todd M. Lewis wrote:

> You might be interested in the ideas behind my "propup" PAM module. It's
> [...]
> I ran into). The file you might want is propup.tgz.

Took a look at it ... not what I actually need here currently, but I bookmarked
the URL because I like the idea behind. Maybe I will need it somewhen ... ;-)
At the moment I want to keep all users in the passwd file regardless of their
permission to log in. We need this because of the "ls -l" thing.

On Thu, Aug 30, 2001 at 10:00:44AM -0400, Derrick J Brashear wrote:

> The pam_listfile (I think) module included in linux-pam should give the
> ability to use a simple flat file.

Strike! Thank you for that hint. I combined it with "pam_stack" in order to
achieve what we need here. So I gave the pam_stack module a "sufficient" and
in the stack a "requisite" to pam_listfile so that users in the flat file will
now be grabbed by pam_afs and all others slip through to the other pam modules
(pam_unix or pam_pwdb). Unfortunately, pam_listfile still has to be patched
because it blocks the call to pam_sm_authenticate() but not to pam_sm_setcred.
Anyways, this does not belong here and I already removed "check_pw_entry" from
my patch (code and doc).
Once more thanks for your patience ... that really helped

Carsten Jacobi