IDEA: /etc/pam.d/*/*
Steve Langasek
vorlon at netexpress.net
Thu Jul 29 08:12:58 UTC 2004
On Sun, Jul 25, 2004 at 10:57:39AM +0100, Luke Kenneth Casson Leighton wrote:
> there is a minor issue of inter-dependence of packages that may
> be resolved by applying the usual debian approach of
> "if-it-was-a-config-file-make-it-a-directory".
> the issue is that Debian has to cater for SELinux being
> installed and not installed.
> openssh, login, kdm, gdm, su and several other packages all
> require "session pam_selinux.so required" to be added to
> their respective /etc/pam.d/XXX configurations in order for
> SE/Linux to operate correctly.
> Redhat is solving the issue by always enabling SE/Linux by
> default.
> Debian has no such luxury.
> therefore, openssh etc. etc. cannot accept upstream patches
> to have /etc/pam.d/ssh include that line by default, because
> if you do, and pam_selinux.so is not installed, you're hosed.
Er, Debian's support or lack thereof for SELinux doesn't seem terribly
relevant to what OpenSSH ships as a default PAM config, considering all
PAM-supporting Debian packages include fairly heavily-customized
configurations.
--
Steve Langasek
postmodern programmer
More information about the Pam-list
mailing list