Re: Possibly incorrect pam.d/* files in many packages

["Nikita V. Youshchenko" <yoush@cs.msu.su>]

> > Almost every text in the internet that is related to LDAP accounts
> > setup, suggests to use 'sufficient' PAM lines. If this is not correct
> > for Debian, this should be documented in a very noticable place! (e.g.
> > in commented-out lines in default /etc/pam.d/common-* files.
>
> The "@some-file" is a Debian extension. RedHat for example has a
> pam_stack.so for similar purpose, but I don't know if and how they
> handle "sufficient" better.
>
> Yes, you're right that this needs documentation. When I was deploying
> LDAP, I didn't find any good documentation, all of them just scratched
> the top of the problems deploying LDAP.
>
>
> Stephen: Can you add the following lines to libpam-ldap/README.Debian
>
> ...

I still think that the example should be included (commented-out of course) 
in common-* files provided by default. This will no hurt anyway, and make 
it almost impossible to keep it unnoticed by admins - even those who read 
documentation only when get problems.