[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Automating pam_keyring...

Jeremy Katz wrote:
On Mon, 2007-06-18 at 18:10 +0200, Tomas Mraz wrote:
On Fri, 2007-06-15 at 13:46 -0800, Jeff Spaleta wrote:
On 6/15/07, Denis Leroy <denis poolshark org> wrote:
Should it use a scriptlet that modifies /etc/pam.d/gdm in
%post (see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=232857 ).
It should just work for default desktop installs moving forward. I
frankly don't care how.

Or add a patch to the gdm package and make it require pam_keyring ?
uhm should avoid making this a hard requirement for gdm.  Can pam deal
with a scenario
where pam_keyring is referenced as an optional rule in the auth stack
but the pam_keyring module is not actually installed? And don't we at
least have to also consider this being used in the pam stack for kdm,
since kdm can start a gnome desktop session?
Pam deals with it fine (allows login for nonexistent 'optional'
modules), but it will issue a nasty warning in syslog. I think that
editing gdm config within a %post script is fine.

Editing pam configs in package scriptlets strikes me as a really bad
idea...  it's not something that's ever been done and so a lot of people
are going to get very surprised by it.  Especially if they've customized
their configs at all.  And doing it once is going to set the precedent
for it to be done more...

I tend to agree, but what's the alternative ?

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]