Menu
▾
▴
Re: [Pam-patches] Audit login denials by pam_access, pam_limits and pam_time
|
From: Thorsten K. <ku...@su...> - 2007-12-07 10:43:22
|
On Fri, Dec 07, Tomas Mraz wrote: > > On Fri, 2007-12-07 at 11:15 +0100, Thorsten Kukuk wrote: > > On Thu, Dec 06, Tomas Mraz wrote: > > > > > This patch is an improved version. There is a new > > > pam_modutil_audit_write() function which is called instead of > > > implementing the auditing directly in each module. Also it is now > > > documented that auditing will happen only when the audit support is > > > compiled in. > > > In pam_access code there are also some changes to fix non-reentrancy of > > > the module code. > > > > > > Please review. > > > > Fine with me, except I don't understand the nonall match > > changes in pam_access? > > The reason is that pam_access can be also used to block by pure user > name match (without the origin) and we do not want to issue this audit > message for this case because it's purpose is specifically for blocking > by origin. Ok, fine with me. Thorsten -- Thorsten Kukuk, Project Manager/Release Manager SLES SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg GF: Markus Rex, HRB 16746 (AG Nuernberg) |