Request for a sponsor and a review of: pam_abl
Tomas Mraz
tmraz at redhat.com
Wed Jul 13 13:50:17 UTC 2005
On Wed, 2005-07-13 at 15:01 +0200, Oliver Falk wrote:
> Tomas, what do you think, should a package uninstall check for entries
> in /etc/pam.d/* and remove it?
>
> Because if you have configured it and at some time want to remove it, it
> could happen:
>
> Jul 13 14:59:05 moon sshd[20970]: PAM unable to
> dlopen(/lib/security/pam_abl.so)
> Jul 13 14:59:05 moon sshd[20970]: PAM [dlerror:
> /lib/security/pam_abl.so: cannot open shared object file: No such file
> or directory]
> Jul 13 14:59:05 moon sshd[20970]: PAM adding faulty module:
> /lib/security/pam_abl.so
>
> :-/
Package uninstall shouldn't mess with /etc/pam.d/* files. (Except of
package's owned files of course.) Administrator must know that rpm -e
some_random_pam_module package can disable his system access if he has
it in system_auth and he must remove it from the system_auth before
uninstalling.
>
> And maybe it should also %ghost /var/lib/abl/hosts.db and users.db, so
> it get's removed properly at uninstall...
This is debatable - the package of a database system shouldn't remove
your databases created using this system either. However this is a very
special kind of a database.
--
Tomas Mraz <tmraz at redhat.com>
More information about the fedora-extras-list
mailing list