[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: upstart: please update to latest upstream version

]] Russ Allbery 

> Tollef Fog Heen <tfheen@err.no> writes:
> > ]] Steve Langasek 
> >> ssh is going to be the first problem in this regard, though I'm sure
> >> there will be others.  Has someone patched openssh to be cgroup-aware?
> > This is most of what libpam-systemd does.  No need to patch sshd itself.
> Er, "UsePAM no"?

That's «changing sshds configuration» which for most people is on a
completely different scale than patching the application itself.  UsePAM
yes is also the default nowadays.

> sshd has a bunch of non-PAM authentication mechanisms.  It is by no means
> guaranteed that everyone using sshd is using PAM.  Now, we can just say
> "that's broken, you're now required to use PAM," but this isn't a trivial
> change.  (Of course, as noted elsewhere, it may well be that systemd has
> some way of dealing with this already.)

You can use PAM sessions without using PAM auth, for instance if you're
using key authentication.

Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are

Reply to: