Re: severe deficiencies in our PAM setup
On Sat, Sep 23, 2000 at 09:04:50PM -0400, Greg Stark wrote:
>
> Ok, I was finally trying to read up on PAM to see how to package the kerberos
> PAM module so everything works smoothly. As near as I can tell there's no way
> to do this.
>
> In debian each pam.d file is for a specific service and is populated with
> pam_unix rules by default. There's no concept of the "standard" authentication
> model for a system.
>
> As a result it's easy to install new services, which debian does, but it's
> impossible to configure a new authentication method. Even if the local system
> administrator goes and edits every single pam.d to use the new authentication
> method they get bitten badly every time they install a new service, and have a
> painful upgrade every time they upgrade any of the services they edited.
I've already started working on a new PAM mini-policy for woody that does
your first idea. What I'm leaning toward is using includes/alternatives
(with standard being priority 1) to configure the standard authentication
scheme.
Ben
--
-----------=======-=-======-=========-----------=====------------=-=------
/ Ben Collins -- ...on that fantastic voyage... -- Debian GNU/Linux \
` bcollins@debian.org -- bcollins@openldap.org -- bcollins@linux.com '
`---=========------=======-------------=-=-----=-===-======-------=--=---'
Reply to: