IDEA: /etc/pam.d/*/*
Nalin Dahyabhai
nalin at redhat.com
Wed Jul 28 19:15:04 UTC 2004
On Sun, Jul 25, 2004 at 10:57:39AM +0100, Luke Kenneth Casson Leighton wrote:
> there is a minor issue of inter-dependence of packages that may
> be resolved by applying the usual debian approach of
> "if-it-was-a-config-file-make-it-a-directory".
[snip]
> in other words, the contents of /etc/pam.d/ssh get split into
> a directory, /etc/pam.d/ssh, as follows:
[snip]
> and then, you can install a separate pam-selinux package that
> blats into the mix:
>
> 800_selinux:
>
> session required pam_selinux.so
>
> reckon?
That certainly would provide a way to drop in modules like this, but it
doesn't help solve a very similar problem: if I want to disable use of
pam_cracklib or pam_passwdqc (or another module which does something
similar), I have to not only remove that line from the configuration
file or section of pam.conf, I have to modify the next line as well to
remove the "use_authtok" flag.
There's a less important problem of making libpam skip over files which
it shouldn't read (for example, automatically-generated "backups" made
by text editors).
Nalin
More information about the Pam-list
mailing list