[arch-general] pam settings INSECURE

Jan de Groot jan at jgc.homeip.net
Wed Nov 18 08:24:24 EST 2009


On Wed, 2009-11-18 at 14:17 +0100, bender02 wrote:
> On Wed, Nov 18, 2009 at 2:07 PM, Xavier <shiningxc at gmail.com> wrote:
> > And I am curious to know what the pam settings of other distro are
> > (debian,fedora,gentoo,..).
> >
> > Finally, maybe it makes sense to try keeping all the different pam
> > login files as consistent as possible. But I don't know enough about
> > pam to tell.
> 
> Some other distros (opensuse, ubuntu, fedora at least) use
> 'common-auth' (and probably some other 'common-*' files) in
> /etc/pam.d/, which are then included in the particular pam files.
> Hence all pam files are consistent. On the other hand, if you need
> more fine-grained control, you need to edit and consolidate more files
> than with the current arch setup. [I like arch's system better, but
> who cares about that :)]

The reason for shipping custom pam files is because we don't have
common-* files in arch. The gdm file is a straight copy from the login
file, with some added modules for gnome-keyring to get that daemon
started on login. With common-auth, we could just @include common-auth
from the pam file, which is much easier.



More information about the arch-general mailing list