Automating pam_keyring...

Jeff Spaleta jspaleta at gmail.com
Fri Jun 15 21:46:32 UTC 2007


On 6/15/07, Denis Leroy <denis at poolshark.org> wrote:
> Should it use a scriptlet that modifies /etc/pam.d/gdm in
> %post (see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=232857 ).

It should just work for default desktop installs moving forward. I
frankly don't care how.

> Or add a patch to the gdm package and make it require pam_keyring ?

uhm should avoid making this a hard requirement for gdm.  Can pam deal
with a scenario
where pam_keyring is referenced as an optional rule in the auth stack
but the pam_keyring module is not actually installed? And don't we at
least have to also consider this being used in the pam stack for kdm,
since kdm can start a gnome desktop session?

> Or do we want to make this feature optional from authconfig ?
I'm not sure if this makes much sense. Since the keyring isn't
referencing any systemwide or networkwide resources when doing the
authing and is inherently a per user thing I'm not sure I see a clear
use case where this needs to be configurable (other than spite.)

> Another issue is how do we update the keyring password when the user
> changes his/her password ?

Do you really want to automate this for all users? Some users might
want a deliberately separate password.

-jef




More information about the fedora-devel-list mailing list