Gordon Tetlow <gordont_at_gnf.org> writes: > Do you think it might be a good idea to turn all the pam configuration > files to list actual providers at sufficient followed by a pam_deny: No. I'd rather replace "sufficient" with "binding" where appropriate. > > Solaris introduced the "binding" flag to try to alleviate this > > problem. OpenPAM supports "binding", but does not document it > > anywhere. > I'm unfamiliar with this option. What's it do? It behaves like "sufficient" should, i.e. failure is not ignored. I'm working on updating the documentation. DES -- Dag-Erling Smorgrav - des_at_ofug.orgReceived on Thu May 22 2003 - 14:45:49 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:09 UTC