[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: configurable service name advice wanted



On Tue, 9 Jun 1998, Duncan Haldane wrote:

> It appears that however xdm is configured for PAM,
> that will be appropriate for kde.

> So kdm is using  the service name "xdm" as the default.

> This way the installer will not necessarily need root
> access to configure a pam service.  (assumes the
> installer may be allowed to compile and run stuff without
> being root (the screenlock part, at least, but not kdm of course)

This all sounds reasonable to me, although one thing you might want to
keep in mind is that some pam *modules* require root access (e.g.,
anything which needs to access to a shadow file).. I believe pam_pwdb
offers an suid helper application (or did) to minimize the security
issues, but I don't know that I've ever seen it in use--only in the source
tree.

> Another possibility is to configure the service name in a
> root-access-only configuration file.
Hmm, sounds like trouble to me, with no clear advantages.  That would just
be one more file to maintain, and I don't see people needing to frequently
change the service name for kdm.  Choose a default service name, and
packagers will do likewise, and anyone who really feels the need to change
the service name should know enough to recompile it on their own, IMO.

                            -Steve Langasek
-doink-



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []