>>>>> On Fri, 11 May 2001 10:07:49 -0500 (CDT),
>>>>> mills <[EMAIL PROTECTED]> (m) writes:
m> I'm going through the SASL code looking for a place to put account
m> management. Does anyone have a suggestion? SASL does only authentication,
m> using various secret mechanisms, but we need a way for the server to
m> reject the client after authentication succeeded. This might be because
m> the user's account has expired or has been suspended. So far, I haven't
m> found a good place to do this, other than within each of the authentication
m> mechanisms.

well actually...

m> I notice also that a main feature of SASL is that it engages in a
m> dialogue with the client. PAM also does this through its conversation
m> function. Could SASL be made into a PAM module? Is PAM adequate for
m> this purpose?

based on the reading i've done, i believe, like it or not (for
some?), this is precisely what PAM is for. here we use a PAM module
on our Solaris and Linux boxes to control who can log in by looking
for an attribute in an LDAP tree. the 'account' facility in PAM is
precisely for what it sounds like you want to do.....
--
Amos
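
A model of the account-phase decision discussed in this thread, added here as an example and not code from either poster, from SASL or from any PAM module. The LDIF entries are constructed, and the use of the `host` and `shadowExpire` (RFC 2307) attributes and all function names are assumptions; the point is that the account check runs as a separate gate after authentication has already succeeded.

```python
import datetime

# Constructed sample directory entries (LDIF-style); not from the thread.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=org
uid: alice
host: mail.example.org
shadowExpire: 20000

dn: uid=bob,ou=people,dc=example,dc=org
uid: bob
host: mail.example.org
shadowExpire: 11000

dn: uid=carol,ou=people,dc=example,dc=org
uid: carol
host: shell.example.org
"""

def parse_ldif(text):
    """Return {uid: {attr: [values]}} for simple, unfolded 'attr: value' LDIF."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(": ")
            attrs.setdefault(name.lower(), []).append(value)
        entries[attrs["uid"][0]] = attrs
    return entries

def account_check(entries, uid, service_host, today):
    """Account-phase verdict, named after the PAM return codes it models."""
    entry = entries.get(uid)
    if entry is None:
        return "PAM_USER_UNKNOWN"
    # shadowExpire counts days since 1970-01-01; absent or negative = never.
    days_now = (today - datetime.date(1970, 1, 1)).days
    expire = entry.get("shadowexpire")
    if expire and 0 <= int(expire[0]) <= days_now:
        return "PAM_ACCT_EXPIRED"
    # Assumed policy: the entry must list this host to be allowed to use it.
    if service_host not in entry.get("host", []):
        return "PAM_PERM_DENIED"
    return "PAM_SUCCESS"

def server_accepts(auth_ok, entries, uid, service_host, today):
    """Accept only if authentication AND the account check both pass."""
    if not auth_ok:
        return False
    return account_check(entries, uid, service_host, today) == "PAM_SUCCESS"
```
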