From: Tomas M. <tm...@re...> - 2007-12-07 10:35:29
|
On Fri, 2007-12-07 at 11:15 +0100, Thorsten Kukuk wrote: > On Thu, Dec 06, Tomas Mraz wrote: > > > This patch is an improved version. There is a new > > pam_modutil_audit_write() function which is called instead of > > implementing the auditing directly in each module. Also it is now > > documented that auditing will happen only when the audit support is > > compiled in. > > In pam_access code there are also some changes to fix non-reentrancy of > > the module code. > > > > Please review. > > Fine with me, except I don't understand the nonall match > changes in pam_access? The reason is that pam_access can be also used to block by pure user name match (without the origin) and we do not want to issue this audit message for this case because it's purpose is specifically for blocking by origin. -- Tomas Mraz No matter how far down the wrong road you've gone, turn back. Turkish proverb |