Re: [Pam-developers] [linux-pam] #2: pam_access: group names with brackets
by fedora-badges
#2: pam_access: group names with brackets
---------------------+------------------------------------------------------
Reporter: mmoeller | Owner: pam-developers(a)lists.fedorahosted.org
Type: defect | Status: new
Priority: major | Component: library
Version: | Resolution:
Keywords: |
---------------------+------------------------------------------------------
Comment (by tmraz):
Perhaps with the addition of gid/uid matching to the pam_limits, we could
add it to pam_access as well? This would make a possible workaround for
poor admins who have bad characters in the group/user names but it would
not promote the use of such bad characters on itself.
--
Ticket URL: <https://fedorahosted.org/linux-pam/ticket/2#comment:4>
linux-pam <http://fedorahosted.org/linux-pam>
The Linux-PAM (Pluggable Authentication Modules) project
12 years, 11 months
Mails from trac@ system on this list
by Thorsten Kukuk
Hi,
I changed the mailing list setup so that the mails from the bug tracker
about bug report changes can be send to this list.
I hope that's Ok for everybody.
Thorsten
--
Thorsten Kukuk, Project Manager/Release Manager SLES
SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)
12 years, 11 months
Re: [Pam-developers] [linux-pam] #2: pam_access: group names with brackets
by fedora-badges
#2: pam_access: group names with brackets
---------------------+------------------------------------------------------
Reporter: mmoeller | Owner: pam-developers(a)lists.fedorahosted.org
Type: defect | Status: new
Priority: major | Component: library
Version: | Resolution:
Keywords: |
---------------------+------------------------------------------------------
Comment (by kukuk):
Replying to [comment:2 tmraz]:
> I think that the group names containing parentheses are really non-
portable.
>
> We could probably make the characters configurable by an pam_access
option, however I am not sure this is worth the complication of the code.
Valid characters for group names are according to POSIX:
[A-Za-z_][A-Za-z0-9_.-]*[A-Za-z0-9_.-]
Even the samba "$" isn't really allowed. I think the restrictions makes
much sense and we shouldn't change that.
--
Ticket URL: <https://fedorahosted.org/linux-pam/ticket/2#comment:3>
linux-pam <http://fedorahosted.org/linux-pam>
The Linux-PAM (Pluggable Authentication Modules) project
12 years, 11 months
Re: [Pam-developers] [linux-pam] #2: pam_access: group names with brackets
by fedora-badges
#2: pam_access: group names with brackets
---------------------+------------------------------------------------------
Reporter: mmoeller | Owner: pam-developers(a)lists.fedorahosted.org
Type: defect | Status: new
Priority: major | Component: library
Version: | Resolution:
Keywords: |
---------------------+------------------------------------------------------
Comment (by tmraz):
I think that the group names containing parentheses are really non-
portable.
We could probably make the characters configurable by an pam_access
option, however I am not sure this is worth the complication of the code.
--
Ticket URL: <https://fedorahosted.org/linux-pam/ticket/2#comment:2>
linux-pam <http://fedorahosted.org/linux-pam>
The Linux-PAM (Pluggable Authentication Modules) project
12 years, 11 months
pam_lastlog: hard error for pure informational message
by Thorsten Kukuk
Hi,
pam_lastlog has currently the following code for a pure informative
message:
/* obtain the failed login attempt records from btmp */
fd = open(_PATH_BTMP, O_RDONLY);
if (fd < 0) {
pam_syslog(pamh, LOG_ERR, "unable to open %s: %m", _PATH_BTMP);
D(("unable to open %s file", _PATH_BTMP));
return PAM_SERVICE_ERR;
}
I think most people will use "optional" for the module in the session
section, so that it shouldn't really matter. On the other side, I don't
think pam_lastlog should fail, if it cannot print the failed login attempts
since the last successful login, because there where none.
Since this only happens if "showfailed" argument is given: shouldn't
we change the return value to PAM_IGNORE or something similar?
Or should we even remove the return code for that function completly?
Thorsten
--
Thorsten Kukuk, Project Manager/Release Manager SLES
SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)
12 years, 11 months