Re: motd handling in jessie

[Russ Allbery <rra@debian.org>]

Josh Triplett <josh@joshtriplett.org> writes:

> However, I don't think "run a pile of scripts to write out a dynamic
> MOTD at boot time" is a sensible default, either.

Why not?

> I'd suggest putting update-motd and update-motd.d into a separate,
> optional package that users can install if they really want it, and
> using either static files or /etc/issue escape sequences as the default
> to avoid running *anything* at either boot or login time.

This desire to avoid running something at boot is mystifying to me.  Since
when do we try to avoid running things at boot, and why would we?  It's
not like this is going to add any appreciable delay to boot time (and
that's not a huge concern anyway).

>> If you log in with public key authentication, does it even show
>> anything?  I bet it doesn't.

> It does, actually, right next to the time of last login.

Ah, then its man page is wrong.

       pam_issue is a PAM module to prepend an issue file to the username
       prompt

If it actually does what the man page says, it's a pretty bad idea and
will only work with password authentication.  It's also quite likely to
break at least some (admittedly dumb) ssh clients, and wouldn't work with
PasswordAuthentication (as opposed to ChallengeResponseAuthentication).

If it's instead a different variation on pam_motd, that's better.  But I
think it would still be even better to make the login flow as stupid and
simple as possible, not do a bunch of dynamic string expansion in C.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>