New updated Linux-PAM module need some testing...

Auke Kok sofar at lunar-linux.org
Tue Oct 26 07:18:29 UTC 2004


ratler at lunar-linux.org wrote:

>
>
> On Mon, 25 Oct 2004, Auke Kok wrote:
>
>> ratler at lunar-linux.org wrote:
>>
>>> ...any volunteers?
>>>
>>> The module now contains some very useful pam modules such as 
>>> pam_stack and pam_console and a few more. First reason I wanted to 
>>> fix this module was because in some rare conditions a bug in PAM 
>>> made public keys in ssh fail when sshd had UsePAM yes enabled. Or 
>>> rather the key works, but pam session returned an error, making the 
>>> session terminate.
>>>
>>> Anyway, I removed a few pam.d/ files that I think should be moved to 
>>> its own lunar module. If this module works (for the few that still 
>>> use PAM) I'm going to modify all pam.d files to use pam_stack, such 
>>> as xserver, xdm, kdm, sshd, login and probably a few more, that way 
>>> a user only has to modify system-auth and the changes apply to all 
>>> pam aware apps.
>>>
>>> Module can be downloaded at 
>>> http://people.su.se/~swold/Linux-PAM.tar.bz2
>>
>>
>> works OOTB as far as I can see, can you produce a set of pam.d files 
>> and preferably diffs what is going to change in the future?
>>
>> PS I hereby nominate you Knight of PAM :^P
>>
>
> Great. Yea I will go through all PAM aware apps and fix a diff for 
> those pam.d files that need changes, however I just want to point out 
> that all the current pam.d files will work without _any_ problems with 
> the new Linux-PAM module, so no cause of alarm. The changes I'm going 
> to make will just make global settings easier to do, edit one file 
> instead of all when you want to modify PAM's behavior.
>
> I have one question to you though sofar, the pam.d code in the core, 
> it doesn't replace /etc/pam.d files does it?

install_pam_confs ()
{
...
            if [ ! -f /etc/pam.d/$FILE ]; then
                /usr/bin/install -g 0 -o 0 -m 0600 $FILE /etc/pam.d;
            fi;
...
}


so no, it doesn't overwrite existing entries. Note however that files in 
/etc/pam.d/ are TRACKED by modules and prepare_install will REMOVE them 
(thus they get upgraded automatically as they should).

as long as you don't make personal modifications to them this will work. 
as soon as you touch them you will need to wipe them manually before 
installing the corresponding module

sofar
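
The install-if-absent guard described above, as an added example that is not part of the original message or of Lunar's core code: it classifies shipped pam.d files against an installed directory, so files the guard would leave untouched (locally edited or stale) show up before an upgrade. The function names, the SRC/DEST parameters and the sample files are assumptions made for the demonstration; comparing with cmp is a stand-in and not how Lunar tracks files.

```shell
#!/bin/sh
# Added example: SRC and DEST are hypothetical parameters; the code quoted
# in the message only ever targets /etc/pam.d.

# pam_conf_status SRC DEST
# Prints one line per shipped file: "missing NAME", "same NAME" or "differs NAME".
pam_conf_status() {
    src=$1 dest=$2
    for path in "$src"/*; do
        [ -f "$path" ] || continue
        name=${path##*/}
        if [ ! -f "$dest/$name" ]; then
            echo "missing $name"      # the guard would install this one
        elif cmp -s "$path" "$dest/$name"; then
            echo "same $name"
        else
            echo "differs $name"      # the guard leaves this one untouched
        fi
    done
}

# install_missing SRC DEST
# Same guard as the quoted install_pam_confs: copy only when the target is
# absent. The -o 0 -g 0 options are dropped so the demo runs unprivileged.
install_missing() {
    src=$1 dest=$2
    for path in "$src"/*; do
        [ -f "$path" ] || continue
        name=${path##*/}
        if [ ! -f "$dest/$name" ]; then
            install -m 0600 "$path" "$dest"
        fi
    done
}

# Constructed sample data in a scratch directory (not real system files).
demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/shipped" "$work/etc"
    echo 'auth required pam_unix.so' > "$work/shipped/login"
    echo 'auth required pam_unix.so' > "$work/shipped/sshd"
    echo 'auth required pam_unix.so try_first_pass' > "$work/etc/sshd"  # local edit
    install_missing "$work/shipped" "$work/etc"
    pam_conf_status "$work/shipped" "$work/etc"
    rm -rf "$work"
}

demo
```

A "differs" line marks a file that will keep its current contents after the module is installed, which is the case where the message says the file must be wiped manually first.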


