IDEA: /etc/pam.d/*/*

[Steve Langasek]

On Sun, Jul 25, 2004 at 10:57:39AM +0100, Luke Kenneth Casson Leighton wrote:
> there is a minor issue of inter-dependence of packages that may
> be resolved by applying the usual debian approach of 
> "if-it-was-a-config-file-make-it-a-directory".

> the issue is that Debian has to cater for SELinux being
> installed and not installed.

> openssh, login, kdm, gdm, su and several other packages all
> require "session pam_selinux.so required" to be added to
> their respective /etc/pam.d/XXX configurations in order for
> SE/Linux to operate correctly.

> Redhat is solving the issue by always enabling SE/Linux by
> default.

> Debian has no such luxury.

> therefore, openssh etc. etc. cannot accept upstream patches
> to have /etc/pam.d/ssh include that line by default, because
> if you do, and pam_selinux.so is not installed, you're hosed.

Er, Debian's support or lack thereof for SELinux doesn't seem terribly
relevant to what OpenSSH ships as a default PAM config, considering all
PAM-supporting Debian packages include fairly heavily-customized
configurations.

-- 
Steve Langasek
postmodern programmer