On Fri, May 05, 2000 at 12:48:10PM -0400, Sergey V Kovalyov wrote: > I playd recently with RadHat and observed a couple of nice features that > Debian should implement as well. > > One thing is pam_console module that allows to change some file ownership > and permission for users logged in from console. It can be used to enable > access to removable media and audio. Ohterwise you either have to give > access to everybody at once ar to root only. > There is also an interesting "consoletool" wrapper that allows to run > certain programs only by console users (and also can replace suid bit for > those programs, and asks for a password). But it is probably less useful > that the pam_console. > > The second feature is pam_xauth module that is used to pass xauth keys > when duing su. Very convenient. Recall how often we get questions about X > connection refused after su. > > It would be very nice to incorporate those two modules into the default > debian configuration. Any takers ? These are both security nightmares, and I would object to them going in as anything other than optional modules with warning messages. -- Mike Stone
Attachment:
pgpqASdR2LxFi.pgp
Description: PGP signature