A recommendation regarding the files within /etc/pam.d/

[Thorsten Kukuk]

On Tue, May 20, Matthew A. R. Sherian wrote:

> I want to create local variants of the contents of /etc/pam.d. I am
> creating my own system-auth-{foo} and want to the update many of the
> network services to point to this. This is a straight-forward task, but
> my concern is over the fact that various packages already own those
> files.

Since you seem to use RPM: No problem. If the packages are packaged
correct, just go ahead and modify them.

> I see that I have three options. I could use a post-install to
> inplace edit the extant files, which would bust the rpm --verify for
> some of the packages.

If this packages are build correct and the pam.d config files are marked
as config, you will be notified, that the config has changed. This is
exactly the desired behavior.

> I could move the files that exist to .rpmorig, I
> could move the files out of the way and symlink to the appropriate
> system-auth-{foo}, or I could leave /etc/pam.d alone and force pam (or a
> rebuilt pam) to look elsewhere (/etc/pam.d.local/). Any one of these
> could work, but I am looking for some opinions as to what the best
> practice would be.

I don't understand why you wish to make it so complicate.

  Thorsten

-- 
Thorsten Kukuk, Project Manager/Release Manager SLES
SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg
GF: Markus Rex, HRB 16746 (AG Nuernberg)