Automating pam_keyring...
Jeff Spaleta
jspaleta at gmail.com
Fri Jun 15 21:46:32 UTC 2007
On 6/15/07, Denis Leroy <denis at poolshark.org> wrote:
> Should it use a scriptlet that modifies /etc/pam.d/gdm in
> %post (see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=232857 ).
It should just work for default desktop installs moving forward. I
frankly don't care how.
> Or add a patch to the gdm package and make it require pam_keyring ?
uhm should avoid making this a hard requirement for gdm. Can pam deal
with a scenario
where pam_keyring is referenced as an optional rule in the auth stack
but the pam_keyring module is not actually installed? And don't we at
least have to also consider this being used in the pam stack for kdm,
since kdm can start a gnome desktop session?
> Or do we want to make this feature optional from authconfig ?
I'm not sure if this makes much sense. Since the keyring isn't
referencing any systemwide or networkwide resources when doing the
authing and is inherently a per user thing I'm not sure I see a clear
use case where this needs to be configurable (other than spite.)
> Another issue is how do we update the keyring password when the user
> changes his/her password ?
Do you really want to automate this for all users? Some users might
want a deliberately separate password.
-jef
More information about the fedora-devel-list
mailing list