Re: [Pam-mysql-general] PAM order question

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hello,

On 2006/01/07, at 14:41, Gary W. Smith wrote:

> Can the optional pam line parameters be stored in the conf file?

use_first_pass / try_first_pass cannot be set in the configuration file.

> And the final question is how can I limit the users to only the active 
> server automatically (assuming I create a field in the database and 
> put a proper where clause in)?

I'm not sure about what you meant by the "active server", but probably 
that
can be achieved by the account management function.

To use the function, specify an expression to the "statcolumn" argument
that indicates the status of the account with the following bitmasks:

- PAM_MYSQL_USER_STAT_EXPIRED (0x0001):
   Indicates that the account is expired.

- PAM_MYSQL_USER_STAT_AUTHTOK_EXPIRED (0x0002):
   Indicates that the authentication token (password) for the account
   needs to be updated. The user will be prompted to supply a new 
password
   by the application that makes use of the PAM facility.

example:

auth    sufficient  pam_mysql.so [statcolumn=if(exp_time >= now(),1,0) 
+ if(passwd_exp_time >= now(),2,0)]

Regards,
Moriyoshi