PAM Module Patch and Feature

David Mitchell mitchell at ucar.edu
Mon Mar 26 18:17:22 CEST 2007


Frank Cusack wrote:
> On March 26, 2007 8:57:38 AM -0600 David Mitchell <mitchell at ucar.edu> wrote:
>> Frank Cusack wrote:
>>> The new feature is a 'localifdown' option.  Previously, you would need
>>> to be using Linux-PAM and the extended pam.conf syntax to ignore
>>> PAM_AUTHINFO_UNAVAIL return values.  Now, with 'localifdown', the module
>>> returns PAM_IGNORE instead of PAM_AUTHINFO_UNAVAIL, which works for
>>> all pam stacks.
>> Nice. Will this be the case for all timeout situations? Or only if the
>> local interface is actually down? I was actually experimenting with the
>> extended syntax last week when I found the timeout problem.
> 
> All timeouts.  Is there a different behavior you would like?

No, that's perfect. It's just the name that threw me off. I was
basically doing the exact same thing via the extended syntax. Lke this:
auth [success=done authinfo_unavail=ignore default=die]
pam_radius_auth.so debug

-David


> 
> -frank
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html


-- 
-----------------------------------------------------------------
| David Mitchell (mitchell at ucar.edu)       Network Engineer IV  |
| Tel: (303) 497-1845                      National Center for  |
| FAX: (303) 497-1818                      Atmospheric Research |
-----------------------------------------------------------------



More information about the Freeradius-Devel mailing list