On Wed, Nov 18, 2009 at 2:24 PM, Jan de Groot <jan@jgc.homeip.net> wrote:
On Wed, 2009-11-18 at 14:17 +0100, bender02 wrote:
On Wed, Nov 18, 2009 at 2:07 PM, Xavier <shiningxc@gmail.com> wrote:
And I am curious to know what the pam settings of other distro are (debian,fedora,gentoo,..).
Finally, maybe it makes sense to try keeping all the different pam login files as consistent as possible. But I don't know enough about pam to tell.
Some other distros (opensuse, ubuntu, fedora at least) use 'common-auth' (and probably some other 'common-*' files) in /etc/pam.d/, which are then included in the particular pam files. Hence all pam files are consistent. On the other hand, if you need more fine-grained control, you need to edit and consolidate more files than with the current arch setup. [I like arch's system better, but who cares about that :)]
The reason for shipping custom pam files is because we don't have common-* files in arch. The gdm file is a straight copy from the login file, with some added modules for gnome-keyring to get that daemon started on login. With common-auth, we could just @include common-auth from the pam file, which is much easier.
That sounds good. I filed http://bugs.archlinux.org/task/17188