[Bug 165899] Review Request: pam_pkcs11 : PKCS #11 PAM login module
bugzilla at redhat.com
bugzilla at redhat.com
Thu Aug 18 20:35:57 UTC 2005
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
Summary: Review Request: pam_pkcs11 : PKCS #11 PAM login module
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=165899
------- Additional Comments From ville.skytta at iki.fi 2005-08-18 16:35 EST -------
Still just poking around, I have nothing to test this with right now (but will
have later this week), assorted notes (some of them cosmetic):
- I would personally just nuke the whole %{_datadir}/pam_pkcs11 dir, the
same files are already installed in /etc/pki/pkcs11 as config files.
Exception: pam.d_login.example could be added to main package's %doc, it
doesn't seem to be available elsewhere.
- Maybe move the default location of the "default" module to somewhere
below %{_libdir} too, /lib/security appears somewhat kind of
reserved for pam modules and pkcs11_module.so there seems slightly
misplaced to me. This wouldn't cause any /lib vs /usr/lib mountedness
problems; pam_pkcs11.so won't function anyway if /usr is not mounted.
Upstream seems to have changed to /usr/lib/pam_pkcs11/pkcs11_module.so in
svn, http://www.opensc.org/pam_pkcs11/file/trunk/etc/pam_pkcs11.conf.example
- Hardcoded /lib/security in src/pam_pkcs11/Makefile* will probably break on
x86_64 and friends. Maybe "%ifarch x86_64 ppc64 sparc64 ia64" (dunno what's
the exact list of potentially affected archs) and just move the module to
/lib64/security if so.
- Ditto, hardcoded /usr/lib/pkcs11/opensc-pkcs11.so for the opensc PKCS #11
module location and /usr/lib/pam_pkcs11 for the mappers will cause
problems on the above archs.
- %changelog mentions --disable-static, but it's not used
- %defattr missing from -tools
- Doubly-owned %{_sysconfdir}/pki/pkcs11 in both main package and -tools,
doesn't really hurt, though.
With the above taken care of, go ahead and commit to CVS, the rest can be
worked out there before the first build. I'll recheck a bit later when I have
access to a smart card reader again.
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
More information about the fedora-extras-list
mailing list