pam_console
Bill Nottingham
notting at redhat.com
Fri Jan 16 20:31:29 UTC 2009
I think it's time to retire pam_console from the default configuration.
For device permissions, we already have the hal/consolekit support which
should be use.
The following packages place the following files in
/etc/security/console.perms.d, and would need modified to work with HAL/CK:
barry-libs: /etc/security/console.perms.d/10-blackberry.perms (quantumburnz)
pam: /etc/security/console.perms.d/50-default.perms (tmraz)
rainbow: /etc/security/console.perms.d/51-rainbow.perms (kantrn)
em8300: /etc/security/console.perms.d/60-em8300.perms (heffer)
jfbterm: /etc/security/console.perms.d/60-jfbterm.perms (mtasaka)
thinkfinger: /etc/security/console.perms.d/60-thinkfinger.perms (?)
svxlink-server: /etc/security/console.perms.d/90-svxlink.perms (lucilanga)
vdr: /etc/security/console.perms.d/95-vdr.perms (scop)
piklab: /etc/security/console.perms.d/icd2.perms (chitlesh)
piklab: /etc/security/console.perms.d/pickit1.perms (chitlesh)
piklab: /etc/security/console.perms.d/pickit2.perms (chitlesh)
I'd be willing to chip in to get these fixed, it shouldn't be that hard.
The second part of pam_console is that it provides the gating information
for userhelper. There are many more apps that use this, and it's a more
involved port to get them to use PolicyKit, or a similar framework. However,
I don't see why we couldn't just port pam_ck_connector.so to drop the
lock file in /var/run/console, and then usermode/userhelper can just
work the same, without having to have a second extraneous pam module. We
can then work on porting the other apps at our leisure.
Opinions?
Bill
More information about the fedora-devel-list
mailing list