[arch-general] pam settings INSECURE

Xavier shiningxc at gmail.com
Wed Nov 18 08:52:42 EST 2009


On Wed, Nov 18, 2009 at 2:24 PM, Jan de Groot <jan at jgc.homeip.net> wrote:
> On Wed, 2009-11-18 at 14:17 +0100, bender02 wrote:
>> On Wed, Nov 18, 2009 at 2:07 PM, Xavier <shiningxc at gmail.com> wrote:
>> > And I am curious to know what the pam settings of other distro are
>> > (debian,fedora,gentoo,..).
>> >
>> > Finally, maybe it makes sense to try keeping all the different pam
>> > login files as consistent as possible. But I don't know enough about
>> > pam to tell.
>>
>> Some other distros (opensuse, ubuntu, fedora at least) use
>> 'common-auth' (and probably some other 'common-*' files) in
>> /etc/pam.d/, which are then included in the particular pam files.
>> Hence all pam files are consistent. On the other hand, if you need
>> more fine-grained control, you need to edit and consolidate more files
>> than with the current arch setup. [I like arch's system better, but
>> who cares about that :)]
>
> The reason for shipping custom pam files is because we don't have
> common-* files in arch. The gdm file is a straight copy from the login
> file, with some added modules for gnome-keyring to get that daemon
> started on login. With common-auth, we could just @include common-auth
> from the pam file, which is much easier.
>
>

That sounds good.
I filed http://bugs.archlinux.org/task/17188


More information about the arch-general mailing list