On Fri, May 23, 2003 at 01:45:44AM +0200, Dag-Erling Smorgrav wrote: > Gordon Tetlow <gordont_at_gnf.org> writes: > > Do you think it might be a good idea to turn all the pam configuration > > files to list actual providers at sufficient followed by a pam_deny: > > No. I'd rather replace "sufficient" with "binding" where appropriate. > > > > Solaris introduced the "binding" flag to try to alleviate this > > > problem. OpenPAM supports "binding", but does not document it > > > anywhere. > > I'm unfamiliar with this option. What's it do? > > It behaves like "sufficient" should, i.e. failure is not ignored. > You mean, _last_ failure is not ignored? -- Ruslan Ermilov Sysadmin and DBA, ru_at_sunbay.com Sunbay Software AG, ru_at_FreeBSD.org FreeBSD committer, +380.652.512.251 Simferopol, Ukraine http://www.FreeBSD.org The Power To Serve http://www.oracle.com Enabling The Information Age
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:09 UTC