Automating pam_keyring...
Jeremy Katz
katzj at redhat.com
Mon Jun 18 16:52:39 UTC 2007
On Mon, 2007-06-18 at 18:10 +0200, Tomas Mraz wrote:
> On Fri, 2007-06-15 at 13:46 -0800, Jeff Spaleta wrote:
> > On 6/15/07, Denis Leroy <denis at poolshark.org> wrote:
> > > Should it use a scriptlet that modifies /etc/pam.d/gdm in
> > > %post (see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=232857 ).
> >
> > It should just work for default desktop installs moving forward. I
> > frankly don't care how.
> >
> > > Or add a patch to the gdm package and make it require pam_keyring ?
> >
> > uhm should avoid making this a hard requirement for gdm. Can pam deal
> > with a scenario
> > where pam_keyring is referenced as an optional rule in the auth stack
> > but the pam_keyring module is not actually installed? And don't we at
> > least have to also consider this being used in the pam stack for kdm,
> > since kdm can start a gnome desktop session?
> Pam deals with it fine (allows login for nonexistent 'optional'
> modules), but it will issue a nasty warning in syslog. I think that
> editing gdm config within a %post script is fine.
Editing pam configs in package scriptlets strikes me as a really bad
idea... it's not something that's ever been done and so a lot of people
are going to get very surprised by it. Especially if they've customized
their configs at all. And doing it once is going to set the precedent
for it to be done more...
Jeremy
More information about the fedora-devel-list
mailing list