On Tue, 2005-03-08 at 09:17 +0100, Jan Engelhardt wrote:
> >Why should we allow access if the script failed, and the admin asked
> >that if the script failed, that the login be refused?

>
> Well I think that if login is to be refused, the script should return "normal"
> (WEXITED) with a non-zero status. Anything else looks like a programming
> error, and I was puzzled when there was no indication (syslog printf are
> spare as to not spam /var/log/messages), but normal tty login worked.
>
> >Isn't this something for the script to handle (if it is expected that
> >the script may segfault)?

> It was unexpected


And the failure made you wonder and look at what was the fault :-)
Silently failing is often worst.

Simo.

--
Simo Sorce - idra@samba.org
Samba Team - http://www.samba.org
Italian Site - http://samba.xsec.it