Re: packaging PAM modules? anyone?
gsstark@mit.edu (Gregory S. Stark) writes:
> I asked once earlier, but no one responded:
> Does anyone know how PAM modules should be packaged?
You can look at Red Hat for examples.
> Where should they be installed? Is there some way to register them, or some
> script to run to offer the sysadmin the option of making the new module the
> global default? Personally I think PAM modules are one of the big missing
> links for Unix system and no distribution would be complete without a solid
> architecture for dealing with them. We have ppp-pam and pam packages, but how
> does packaging further modules work?
> Kerberos won't be properly supported until there's a PAM module for it
> packaged. There are a couple around, but I have no idea how to package them.
> I don't even know how PAM is configured and I don't use it here at all.
PAM modules go in /lib/security. Programs are configured to use these
modules by editing configuration files in /etc/pam.d/. There is one
file for each client program. These files should be included with
the respective client programs.
(On Solaris, all programs are controlled from one file: /etc/pam.conf.)
A package for a kerberos module would contain the module in
/lib/security, whatever configuration files the module needs in /etc
(like server name, etc), and perhaps a script in /usr/sbin that
adds kerberos to the existing /etc/pam.d/* files.
A longer term goal would be a gtk or newt based program that lets the
user configure security without editting /etc/pam.d/* files directly.
Steve
dunham@cps.msu.edu
--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: