Automating pam_keyring...

Denis Leroy denis at poolshark.org
Mon Jun 18 18:26:57 UTC 2007


Jeremy Katz wrote:
> On Mon, 2007-06-18 at 18:10 +0200, Tomas Mraz wrote:
>> On Fri, 2007-06-15 at 13:46 -0800, Jeff Spaleta wrote:
>>> On 6/15/07, Denis Leroy <denis at poolshark.org> wrote:
>>>> Should it use a scriptlet that modifies /etc/pam.d/gdm in
>>>> %post (see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=232857 ).
>>> It should just work for default desktop installs moving forward. I
>>> frankly don't care how.
>>>
>>>> Or add a patch to the gdm package and make it require pam_keyring?
>>> uhm should avoid making this a hard requirement for gdm.  Can pam deal
>>> with a scenario
>>> where pam_keyring is referenced as an optional rule in the auth stack
>>> but the pam_keyring module is not actually installed? And don't we at
>>> least have to also consider this being used in the pam stack for kdm,
>>> since kdm can start a gnome desktop session?
>> Pam deals with it fine (allows login for nonexistent 'optional'
>> modules), but it will issue a nasty warning in syslog. I think that
>> editing gdm config within a %post script is fine.
> 
> Editing pam configs in package scriptlets strikes me as a really bad
> idea...  it's not something that's ever been done and so a lot of people
> are going to get very surprised by it.  Especially if they've customized
> their configs at all.  And doing it once is going to set the precedent
> for it to be done more...

I tend to agree, but what's the alternative?
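
Added example, not part of the original thread: a shell check for the case discussed above, where a service file such as /etc/pam.d/gdm references a module (pam_keyring.so) that is not installed. The function names, the sample service file and the temporary module directory are constructed for illustration.

```shell
# Report "type control module" for every rule in a PAM service file whose
# module is absent from the module directory.
# usage: pam_missing_modules CONF_FILE MODULE_DIR
pam_missing_modules() {
    conf=$1
    moddir=$2
    # Drop comments, then reduce each rule to "type|control|module".
    sed 's/#.*//' "$conf" | awk '
        NF < 3 { next }
        {
            i = 2; ctl = $i
            if (ctl ~ /^\[/) {
                # A bracketed control such as [success=1 default=ignore] spans fields.
                while ($i !~ /\]$/ && i < NF) { i++; ctl = ctl " " $i }
            }
            # include/substack name another service file, not a module.
            if (ctl == "include" || ctl == "substack" || i == NF) next
            print $1 "|" ctl "|" $(i + 1)
        }' | while IFS='|' read -r type ctl mod; do
            case $mod in
                /*) path=$mod ;;            # absolute module path
                *)  path=$moddir/$mod ;;    # relative to the module directory
            esac
            [ -e "$path" ] || printf '%s %s %s\n' "$type" "$ctl" "$mod"
        done
}

# Constructed sample: a gdm-like service file and a module directory that
# contains pam_env.so only.
pam_demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/security"
    : > "$tmp/security/pam_env.so"
    cat > "$tmp/gdm" <<'EOF'
#%PAM-1.0
auth       required    pam_env.so
auth       optional    pam_keyring.so try_first_pass
auth       include     system-auth
session    [success=1 default=ignore] pam_succeed_if.so quiet
EOF
    pam_missing_modules "$tmp/gdm" "$tmp/security"
    rm -rf "$tmp"
}
```

On a real system the second argument would be the directory where the PAM modules are installed, which varies by distribution and architecture.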




More information about the fedora-devel-list mailing list