[Bug 165899] Review Request: pam_pkcs11 : PKCS #11 PAM login module

bugzilla at redhat.com bugzilla at redhat.com
Thu Aug 18 20:35:57 UTC 2005



Summary: Review Request: pam_pkcs11 : PKCS #11 PAM login module


https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=165899





------- Additional Comments From ville.skytta at iki.fi  2005-08-18 16:35 EST -------
Still just poking around, I have nothing to test this with right now (but will  
have later this week), assorted notes (some of them cosmetic): 
  
- I would personally just nuke the whole %{_datadir}/pam_pkcs11 dir, the 
  same files are already installed in /etc/pki/pkcs11 as config files. 
  Exception: pam.d_login.example could be added to main package's %doc, it 
  doesn't seem to be available elsewhere. 
 
- Maybe move the default location of the "default" module to somewhere 
  below %{_libdir} too, /lib/security appears somewhat kind of 
  reserved for pam modules and pkcs11_module.so there seems slightly 
  misplaced to me.  This wouldn't cause any /lib vs /usr/lib mountedness 
  problems; pam_pkcs11.so won't function anyway if /usr is not mounted. 
  Upstream seems to have changed to /usr/lib/pam_pkcs11/pkcs11_module.so in 
  svn, http://www.opensc.org/pam_pkcs11/file/trunk/etc/pam_pkcs11.conf.example 
 
- Hardcoded /lib/security in src/pam_pkcs11/Makefile* will probably break on 
  x86_64 and friends.  Maybe "%ifarch x86_64 ppc64 sparc64 ia64" (dunno what's 
  the exact list of potentially affected archs) and just move the module to 
  /lib64/security if so. 
 
- Ditto, hardcoded /usr/lib/pkcs11/opensc-pkcs11.so for the opensc PKCS #11 
  module location and /usr/lib/pam_pkcs11 for the mappers will cause 
  problems on the above archs. 
 
- %changelog mentions --disable-static, but it's not used 
 
- %defattr missing from -tools 
 
- Doubly-owned %{_sysconfdir}/pki/pkcs11 in both main package and -tools, 
  doesn't really hurt, though. 
 
With the above taken care of, go ahead and commit to CVS, the rest can be 
worked out there before the first build.  I'll recheck a bit later when I have 
access to a smart card reader again. 





More information about the fedora-extras-list mailing list