updates without password?
Mikkel L. Ellertson
mikkel at infinity-ltd.com
Mon Feb 25 23:54:05 UTC 2008
Valent Turkovic wrote:
> 2008/2/25 Mikkel L. Ellertson <mikkel at infinity-ltd.com>:
>> Valent Turkovic wrote:
>> > 2008/2/22 Mikkel L. Ellertson <mikkel at infinity-ltd.com>:
>> >> Valent Turkovic wrote:
>> >> > How can I configure pup so that it doesn't ask for root password every
>> >> > time I need to do an update?
>> >> >
>> >> One way would be to edit /etc/pam.d/pup and change it to something like:
>> >>
>> >> #%PAM-1.0
>> >> auth include config-util
>> >> auth sufficient pam_console.so
>> >> account include config-util
>> >> session include config-util
>> >>
>> >> I have not tested it, but it should let the "console owner" run pup
>> >> without a password. If it does not work, you can try exchanging the
>> >> two auth statements, but this is more of a security risk. (It
>> >> probably does not matter for a home system.)
>> >
>> > I wouldn't do this if it wasn't my personal home system...
>> >
>> > I did this and I'm waiting for updates to let you know if it works :)
>> >
>> > Thank you.
>> >
>> > Cheers,
>> > Valent.
>> >
>> >
>> Well, if I make it:
>> #%PAM-1.0
>>
>> auth sufficient pam_console.so
>> auth include config-util
>>
>> account include config-util
>> session include config-util
>>
>> I can run pup from the command line without it asking for root's
>> password. So unless the applet is calling something different, it
>> should work.
>>
>>
>>
>> Mikkel
>
> This doesn't work:
>
> # cat /etc/pam.d/pup
> #%PAM-1.0
> auth include config-util
> auth sufficient pam_console.so
> account include config-util
> session include config-util
>
>
> but this works:
>
> # cat /etc/pam.d/pup
> #%PAM-1.0
> auth sufficient pam_console.so
> auth include config-util
> account include config-util
> session include config-util
>
>
> I followed the previous post that had "auth sufficient
> pam_console.so" as a second line but it only works if you put it as
> first line, as you wrote here...
>
> Thanks!
>
> Valent.
>
I am glad to hear it. I was not sure if the first form would work.
That is why I added "If it does not work, you can try exchanging the
two auth statements" in the first message. I guess I should have
been clearer in that message. I know just enough about how PAM does
things to be dangerous.
Mikkel
--
Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20080225/fd084d27/attachment-0001.sig>
More information about the fedora-list
mailing list