[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

pam library (and dependancy) policies

I searched the mail list archives but nothing obvious turned up.

I'm attempting to package a project that has a handful of both
executables and libraries.  

One of the libraries is a pam module that AFAIK depends on the some of
the other shared libraries.  Currently, my package installs the shared
libraries in /usr/lib.  I'm now trying to figure out what to do with the
PAM library.

the first issue is that the ./configure script has no way to say
'install the PAM library here'.  It basically goes where ever the other
libraries go - /usr/lib.

Now, I see that other Debian PAM libraries go into /lib/security/.  I
understand the motivation for having PAM libraries under /lib, so I want
my PAM library to go there as well.  As I understand it, we want PAM
libs in /lib so they're available even when /usr may not be - eg. early
in boot or a stripped-down system.  some people like to nfs-mount /usr
for example - what if the server's down.

well, if /usr is unavailable, my PAM lib may fail to work even if it
were installed in /lib/security due to the fact that it depends on other
libs that are in /usr/lib.  This means I may want to in fact have the
PAM lib's dependancies installed in /lib as well.

It seems my choices are:
1- install my PAM lib and its dependancies under /lib
2- install my PAM lib and its dependancies under /usr/lib
3- install my PAM lib in /lib/security and its dependancies under
4- put my PAM lib in /lib/security and patch the source to statically
link the needed functions

2&3 seem risky in that PAM may fail to work in the absence of /usr
1 runs the risk of cluttering /lib with unnecessary libs
4 seems the best solution in the end but I would need to then maintain a
patch which may not be accepted by the upstream

What's the correct solution?  Is there a policy on PAM and these sorts
of issues?

any other suggestions?

     Innovation Software Group, LLC - http://www.innovationsw.com/
                Computer Automation Specialists
                 UNIX, Linux and Java Training

Reply to: