Re: [hylafax-users] PAM problem... group based auth and account bug

[divotre@xxxxxxx]

Hi

I have managed to make Hylafax work with pam_ldap authentification,
but now I would like to make a supplementary test to only allow
certain members of a group to login.

I've tried with pam_access and pam_require
(http://www.splitbrain.org/Programming/C/pam_require/index.php),
but they are "account" modules and it seems that Hylafax ignore
them. For example, with this /etc/pam.d/hylafax:

auth      required   /lib/security/pam_ldap.so
account   required   /lib/security/pam_require.so toto

pam_require logs "login denied for user toto" when I try with lambda
user but access to Hylafax is still allowed.

I have even tested with:
auth      required   /lib/security/pam_ldap.so
account   required   /lib/security/pam_deny.so
and I could login too.

I am sure that PAM is active since modification on the "auth" line has
effects and can refuse authentification.

Is there something I did not understand or is it an Hylafax bug? (or
is it wanted?)

For my problem I think I will use the "pam_groupdn" directive in /etc/ldap.conf
but it is still weird that it did not work, I spent a lot of time trying to
figure out what was wrong...

____________________ HylaFAX(tm) Users Mailing List _______________________
  To subscribe/unsubscribe, click http://lists.hylafax.org/cgi-bin/lsg2.cgi
 On UNIX: mail -s unsubscribe hylafax-users-request@xxxxxxxxxxx < /dev/null
  *To learn about commercial HylaFAX(tm) support, mail sales@xxxxxxxxx*