[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: upstart: please update to latest upstream version

Tollef Fog Heen <tfheen@err.no> writes:
> ]] Russ Allbery 

>> Er, "UsePAM no"?

> That's «changing sshds configuration» which for most people is on a
> completely different scale than patching the application itself.  UsePAM
> yes is also the default nowadays.

That reduces the scope of affected users, but it doesn't eliminate the
problem.  It means that anyone installing systemd needs to be aware that
they need to convert ssh to use PAM if it isn't currently, which is an
unintuitive connection.

There will be similar problems with, for example, Kerberos klogind (and
there I'm not sure it even has PAM support).

> You can use PAM sessions without using PAM auth, for instance if you're
> using key authentication.

Yes, I know.  But they previously haven't done much useful for you, so
it's not unreasonable to turn it off.  Turning off unused features in a
security interface is usually good practice.

Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to: