On Sat, Aug 09, 2003 at 02:01:12PM -0400, Matt Zimmerman arranged a set of bits into the following: > The most elegant solution would seem to be to enhance pam to be able to read > a set of defaults for all programs, which would be overridden by the > /etc/pam.d/* files. This would clean up a lot of other things as well. > I certainly wouldn't want every PAM-using program to ask me what settings to > use; I want them all to do the same thing unless I change their > configuration file. YES! I manage around 30 debian systems, all are installed by first installing the image that we use for clients, then we have to modify them to talk to our LDAP server, unfortunatly because debian won't put in default pam files for other packages to include (There have been several rants about this on d-d, correct package would be libpam-modules) we have to modify EVERY PAM FILE BY HAND (Becuase several packages have strange orderings of pam modules that can cause breakage in the situation where you first auth against LDAP but fall back to files). This would be a simple change to pam-modules and ONE conffile update to all packages that use pam that would make these kind of situations MUCH easier to deal with.
Attachment:
pgpIroJILvqEw.pgp
Description: PGP signature