
#229 add "include" directive to config files

feature-request
closed-accepted
library (43)
5
2003-09-25
2003-09-25
No

From "Dmitry V. Levin" <ldv <at> altlinux.org>:

A nice feature which I'd like to propose is extending PAM config file
syntax with one more control directive for including other configuration
files.

The whole idea is to create a few "systemwide" pam configs and include
parts of them in application pam configs. For example,

/etc/pam.d/system-auth:
#%PAM-1.0
auth required pam_tcb.so shadow fork prefix=$2a$ count=8 nullok
account required pam_tcb.so shadow fork
password required pam_passwdqc.so min=disabled,24,12,8,7 max=40 passphrase=3 match=4 similar=deny random=42 enforce=users retry=3
password required pam_tcb.so use_authtok shadow fork prefix=$2a$ count=8 write_to=tcb
session required pam_tcb.so
session required pam_limits.so

/etc/pam.d/su:
#%PAM-1.0
auth sufficient pam_rootok.so
auth required pam_wheel.so use_uid group=wheel
auth include system-auth
account include system-auth
session include system-auth
session optional pam_xauth.so

In this example, su includes auth, account and session rules from
system-auth, while the password rule is not defined (i.e. other is used,
which is usually pam_deny.so).

The original idea was suggested by Michael Tokarev in his message
to owl-devel mailing list on Sat, 20 Apr 2002 02:45:29 +0400.
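
Added example (not part of the original request and not the code of the Linux-PAM patch): a small Python resolver that expands "include" lines for one service and module type, using in-memory copies of the two files above. The contents of "other", the MAX_DEPTH limit and the function names are assumptions made for illustration.

```python
# Added illustration, not the Linux-PAM code. CONFIGS holds constructed copies
# of the request's two files; "other" is assumed to deny everything.
CONFIGS = {
    "system-auth": """#%PAM-1.0
auth required pam_tcb.so shadow fork prefix=$2a$ count=8 nullok
account required pam_tcb.so shadow fork
password required pam_passwdqc.so min=disabled,24,12,8,7 max=40 passphrase=3 match=4 similar=deny random=42 enforce=users retry=3
password required pam_tcb.so use_authtok shadow fork prefix=$2a$ count=8 write_to=tcb
session required pam_tcb.so
session required pam_limits.so
""",
    "su": """#%PAM-1.0
auth sufficient pam_rootok.so
auth required pam_wheel.so use_uid group=wheel
auth include system-auth
account include system-auth
session include system-auth
session optional pam_xauth.so
""",
    "other": "".join(f"{t} required pam_deny.so\n"
                     for t in ("auth", "account", "password", "session")),
}
MAX_DEPTH = 8  # hypothetical nesting limit so an include loop cannot recurse forever

def expand(configs, name, mtype, depth=0):
    """Return [(control, module, args)] of type mtype from file name, includes expanded."""
    if depth > MAX_DEPTH:
        raise ValueError(f"include nesting too deep at {name!r} (loop?)")
    rules = []
    for raw in configs[name].splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if len(fields) < 3 or fields[0] != mtype:
            continue
        if fields[1] == "include":              # pull same-type rules from the named file
            rules += expand(configs, fields[2], mtype, depth + 1)
        else:
            rules.append((fields[1], fields[2], fields[3:]))
    return rules

def effective_stack(configs, service, mtype):
    """Rules for service/type; fall back to "other" when the service defines none."""
    return expand(configs, service, mtype) or expand(configs, "other", mtype)

if __name__ == "__main__":
    for mtype in ("auth", "account", "password", "session"):
        print(mtype, effective_stack(CONFIGS, "su", mtype))
```

For su, the password type resolves to the pam_deny.so rule taken from "other", which is the fallback the request describes; a file that includes itself, directly or through another file, raises ValueError instead of recursing without end.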

Discussion

  • Jan Rekorajski - 2003-09-25

    Logged In: YES
    user_id=42864

    Applied patch
    "Dmitry V. Levin" <ldv@altlinux.org>:

    ftp://ftp.altlinux.org/pub/people/ldv/pam/pam-0.77-alt-pam_include.patch

    Patch contains:
    Implementation of "include" directive for pam config file syntax.
    - added module type PAM_T_ANY needed to know if we are loading included file or
    - let _pam_parse_conf_file() know of new directive
    - new function _pam_load_conf_file() used to load "included" configs
    - documentation update

     
  • Jan Rekorajski - 2003-09-25
    • status: open --> closed-accepted
     
