PAM Module Patch and Feature
fcusack at fcusack.com
Mon Mar 26 18:26:05 CEST 2007
On March 26, 2007 10:17:22 AM -0600 David Mitchell <mitchell at ucar.edu>
> Frank Cusack wrote:
>> On March 26, 2007 8:57:38 AM -0600 David Mitchell <mitchell at ucar.edu>
>>> Frank Cusack wrote:
>>>> The new feature is a 'localifdown' option. Previously, you would need
>>>> to be using Linux-PAM and the extended pam.conf syntax to ignore
>>>> PAM_AUTHINFO_UNAVAIL return values. Now, with 'localifdown', the
>>>> module returns PAM_IGNORE instead of PAM_AUTHINFO_UNAVAIL, which works
>>>> for all pam stacks.
>>> Nice. Will this be the case for all timeout situations? Or only if the
>>> local interface is actually down? I was actually experimenting with the
>>> extended syntax last week when I found the timeout problem.
>> All timeouts. Is there a different behavior you would like?
> No, that's perfect. It's just the name that threw me off. I was
> basically doing the exact same thing via the extended syntax. Lke this:
> auth [success=done authinfo_unavail=ignore default=die]
> pam_radius_auth.so debug
Right. 'localifdown' does exactly that without the extended syntax.
More information about the Freeradius-Devel