PSARC 2006/283 Certificate & PKCS#11 PAM, module
Darren J Moffat
Darren.Moffat at sun.com
Fri Apr 4 01:48:25 PDT 2008
Garrett D'Amore wrote:
>> The "auditable administration" question was answered already - there
>> is no auditable interface for any PAM configuration files or any other
>> files that are managed via "vi" (or whatever editor) for that matter.
>
> I didn't see the answer in the mail log. Managing files via "vi" is
> certainly possible, but it isn't clear to me that "vi" is the solution
> for system administration. "vi" can't be audited, so its reasonable
> that a CLI be provided which *can* be audited, and also "controlled" via
> RBAC.
This case is no different in the configuration required in pam.conf or
in the modules own config file than things like pam_list (PSARC/2003/674
which was approved 2007-02-28).
--
Darren J Moffat
More information about the opensolaris-arc
mailing list