On Fri, Mar 14, 2003 at 03:36:08AM +0100, Bernd Eckenfels wrote: > On Thu, Mar 13, 2003 at 08:05:41PM -0600, Steve Langasek wrote: > > I understand that Linux-PAM supports a straightforward $include syntax > > that could be used in place of pam_stack, to much better effect. The > > place to start is by patching libpam0g to provide suitable config > > snippets that can be included by applications. > I feel it would be valuable, if the pam directory contains only the rule > "others" and the exceptions (for example "passwd"). That way a policy change > affects less files and a good overview of the current exceptions is given. > I dont know how many packages install a pam file for a reason, I think most > can live with a default stack, no? On my system at a glance, these services have PAM config files that need to be distinguished from /etc/pam.d/other for one reason or another: cron *ftp gdm{,-autologin} kde login ppp ssh su There are many others that ought to be turned into example files as suggested, or removed altogether. Leaving them as .ex files provides a useful hint as to the PAM service name (infuriating when you can't figure it out), so this might be best. -- Steve Langasek postmodern programmer
Attachment:
pgpx2o04IuNjG.pgp
Description: PGP signature