trying to override the pam_auth attribute

Fri Aug 27 16:47:56 CEST 2021

On Aug 27, 2021, at 10:41 AM, Jonathan Davis <jonathan at prioritycolo.com> wrote:
> 
> On 2021-08-24 9:27 p.m., Alan DeKok wrote:
> 
>>> Looking at mods-enabled/pam I added in following the same synatx: pam_auth = radiusd2
>>> 
>>>   That doesn't tell me a lot.
> 
> That was the only text I had added when I started, not a lot to tell at that point.

  The point is that there are many configuration files, each of which can be hundreds of lines of text.  "I added stuff" tells me nothing.  Where did you add it?  Which file?  Where in the file?

> I got tripped up and originally approached it from the thought that if an attribute (which I was thinking as a variable) was set as "pam_auth" (lowercause and an underscore), that I would be required to updated it by using "pam_auth = <new value>". Having it switch to camel case with a dash wasn't clicking.

  Or use the same name?  I don't know of any programming language where you can change case of variable names, *and* change dashes to underscores, and it will just "do the right thing".

> But I'm eating my humble pie, and having revisited the docs on unlang, the intro about the intention not to create yet another programming language, and re-reading the docs on update with a fresh morning brain free of distractions, I caught that it was the control keyword as the list was missing, and that no list specified was defaulting to request, and am able to override values set in the pam.conf to allow different yubico yubikey_mapping files by specifying different pam configuration files.

  Yup.  Technical details matter.

  Alan DeKok.