
Re: The current (not existing) PAM policy



On Fri, Mar 14, 2003 at 03:36:08AM +0100, Bernd Eckenfels wrote:
> On Thu, Mar 13, 2003 at 08:05:41PM -0600, Steve Langasek wrote:
> > I understand that Linux-PAM supports a straightforward $include syntax
> > that could be used in place of pam_stack, to much better effect.  The
> > place to start is by patching libpam0g to provide suitable config
> > snippets that can be included by applications.

> I feel it would be valuable, if the pam directory contains only the rule
> "others" and the exceptions (for example "passwd"). That way a policy change
> affects less files and a good overview of the current exceptions is given.

> I don't know how many packages install a pam file for a reason, I think most
> can live with a default stack, no?

On my system at a glance, these services have PAM config files that need
to be distinguished from /etc/pam.d/other for one reason or another:

  cron
  *ftp
  gdm{,-autologin}
  kde
  login
  ppp
  ssh
  su

There are many others that ought to be turned into example files as
suggested, or removed altogether.  Leaving them as .ex files provides a
useful hint as to the PAM service name (infuriating when you can't
figure it out), so this might be best.

-- 
Steve Langasek
postmodern programmer
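
Added example, not part of the message above or of any Debian package: a shell sketch of the overview discussed in this thread, listing the services in a PAM directory whose rules really differ from `other`. The function names, the sample directory and the `exampled` service are constructed for illustration; `.ex` example files are skipped, and continuation lines are assumed not to be used.

```shell
#!/bin/sh
# Report PAM services whose rules differ from the "other" fallback.

# Normalise one config file: drop comments and blank lines, collapse
# whitespace, so cosmetic differences do not count as exceptions.
pam_normalise() {
    sed -e 's/#.*$//' -e 's/[[:space:]][[:space:]]*/ /g' \
        -e 's/^ //' -e 's/ $//' -e '/^$/d' "$1"
}

# Print the name of every service file in directory $1 that is a real
# exception, i.e. whose normalised rules are not identical to "other".
pam_exceptions() {
    dir=$1
    [ -f "$dir/other" ] || { echo "no 'other' file in $dir" >&2; return 2; }
    default=$(pam_normalise "$dir/other")
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        case $name in
            other|*.ex) continue ;;   # the default itself, and example files
        esac
        [ "$(pam_normalise "$f")" = "$default" ] || printf '%s\n' "$name"
    done
}

# Constructed sample directory: "exampled" only restates the default,
# "login" adds a rule, "unused.ex" is an example file.
pam_demo() {
    d=$(mktemp -d) || return 1
    printf 'auth required pam_unix.so\naccount required pam_unix.so\n' > "$d/other"
    printf '# same as other\nauth   required\tpam_unix.so\n\naccount required pam_unix.so\n' > "$d/exampled"
    printf 'auth requisite pam_securetty.so\nauth required pam_unix.so\naccount required pam_unix.so\n' > "$d/login"
    printf 'auth required pam_deny.so\n' > "$d/unused.ex"
    pam_exceptions "$d"
    rm -rf "$d"
}

pam_demo
```

On a real system the call would be `pam_exceptions /etc/pam.d`; any service it does not list is already getting the default stack and is a candidate for removal or for becoming an `.ex` file.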
