Deprecating pam_stack.so
Bernardo Innocenti
bernie at develer.com
Wed Oct 12 00:06:15 UTC 2005
Tomas Mraz wrote:
> Linux-PAM 0.78 and later contains include directive which obsoletes
> using the pam_stack module. This module is rather a hack as it requires
> access to pam library internals for its operation and will never be
> accepted to upstream.
Thank you. Simplifying PAM configuration was badly needed.
I have a few wishlist entries to submit, if you have time to
consider them:
- For some reason, pam_ldap interacts strangely with pam_unix.
Even tough pam_unix comes before it and is "sufficient",
nobody can login when the network is down or slapd is down.
Also, you can login as root with root's password from ldap
even tough there's a valid root entry in /etc/passwd.
- Many pam.d files still use the absolute path "/lib/security/$ISA/"
that doesn't seem to be useful anymore and looks weird on
bi-arch systems such as x86_64.
- Something similar of pam_ssh would be much cleaner than the
current hack of running ssh-agent in GDM's session. gpg-agent
support would also be welcome.
--
// Bernardo Innocenti - Develer S.r.l., R&D dept.
\X/ http://www.develer.com/
More information about the fedora-devel-list
mailing list