Re: PAM support lacks pam

bug-cvs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PAM support lacks pam_setcred() call

From:	Derek Robert Price
Subject:	Re: PAM support lacks pam_setcred() call
Date:	Wed, 22 Oct 2003 08:46:05 -0400
User-agent:	Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030624 Netscape/7.1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Steve McIntyre wrote:

| Of course. Again, this is the defaults I'm using for Debian. What do
|
|you think of adding the PamAuth option in general? I like having the
|option of using the normal code as a run-time option set in
|CVSROOT/config, and some people may prefer it.


I like PamAuth in CVSROOT/config.  I'm not so certain about the
DefaultPamUser, but I guess it makes sense.  I think I'd just prefer a
better way to do it.  Perhaps as the force system auth patch I've seen
but which I don't think was ever committed - if there is some character,
an `x' or `*' perhaps, as the password field of a CVSROOT/passwd entry,
then system or PAM auth would be forced but the username map would still
be used.

Maybe both options should be available for maximum configurability...  I
don't know, I guess I just feel like I don't like suckering people into
a corner where there only option is run CVS as the same user for
everybody and lose all the user/group permissions functionality.

Your patch is fine as a first pass in this regard, and I'm not sure what
you were trying to work out with the pam_setcred(), but if nothing else
works out I think this will eventually need the CVSROOT/passwd patch I
mentioned above.

Finally, Brian enabled a configure time feature that would switch the
PAM service name based on the executable name.  Now that I am thinking
about it, I think I would much prefer that it be disabled and a
CVSROOT/config option be used instead, if anything.  That always grated
on me.  But that doesn't affect your patch directly.  Thanks for the
idea!  :)

Derek

- --
~                *8^)

Email: derek@ximbiot.com

Get CVS support at <http://ximbiot.com>!
- --
If that plane leaves the ground and you're not with him, you'll regret
it.  Maybe not today and maybe not tomorrow, but soon and for the rest
of your life.

       - Humphrey Bogart as Rick, _Casablanca_
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Using GnuPG with Netscape - http://enigmail.mozdev.org

iD8DBQE/lnwMLD1OTBfyMaQRAlTlAJ9rLEkQsAfbrJkifmWrFJa3UO+RswCgm1BI
d1KoHm86MFt709twR5jDkjQ=
=EENV
-----END PGP SIGNATURE-----

[Prev in Thread]

Current Thread

[Next in Thread]

PAM support lacks pam_setcred() call, Marc Singer, 2003/10/20
- Re: PAM support lacks pam_setcred() call, Steve McIntyre, 2003/10/20
  - Re: PAM support lacks pam_setcred() call, Brian Murphy, 2003/10/21
    - Re: PAM support lacks pam_setcred() call, Steve McIntyre, 2003/10/21
    - Re: PAM support lacks pam_setcred() call, Steve McIntyre, 2003/10/21
    - Re: PAM support lacks pam_setcred() call, Derek Robert Price, 2003/10/21
    - Re: PAM support lacks pam_setcred() call, Steve McIntyre, 2003/10/22
    - Re: PAM support lacks pam_setcred() call, Derek Robert Price <=
- Re: PAM support lacks pam_setcred() call, Brian Murphy, 2003/10/27
  - Re: PAM support lacks pam_setcred() call, Brian Murphy, 2003/10/27
    - Re: PAM support lacks pam_setcred() call, Marc Singer, 2003/10/27
    - Re: PAM support lacks pam_setcred() call, Brian Murphy, 2003/10/28
    - Re: PAM support lacks pam_setcred() call, Marc Singer, 2003/10/28
  - Re: PAM support lacks pam_setcred() call, Marc Singer, 2003/10/27

Prev by Date: Re: join not producing conflict
Next by Date: fund transfer
Previous by thread: Re: PAM support lacks pam_setcred() call
Next by thread: Re: PAM support lacks pam_setcred() call
Index(es):
- Date
- Thread