[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: PAM support lacks pam_setcred() call
From: |
Derek Robert Price |
Subject: |
Re: PAM support lacks pam_setcred() call |
Date: |
Wed, 22 Oct 2003 08:46:05 -0400 |
User-agent: |
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Steve McIntyre wrote:
| Of course. Again, this is the defaults I'm using for Debian. What do
|
|you think of adding the PamAuth option in general? I like having the
|option of using the normal code as a run-time option set in
|CVSROOT/config, and some people may prefer it.
I like PamAuth in CVSROOT/config. I'm not so certain about the
DefaultPamUser, but I guess it makes sense. I think I'd just prefer a
better way to do it. Perhaps as the force system auth patch I've seen
but which I don't think was ever committed - if there is some character,
an `x' or `*' perhaps, as the password field of a CVSROOT/passwd entry,
then system or PAM auth would be forced but the username map would still
be used.
Maybe both options should be available for maximum configurability... I
don't know, I guess I just feel like I don't like suckering people into
a corner where there only option is run CVS as the same user for
everybody and lose all the user/group permissions functionality.
Your patch is fine as a first pass in this regard, and I'm not sure what
you were trying to work out with the pam_setcred(), but if nothing else
works out I think this will eventually need the CVSROOT/passwd patch I
mentioned above.
Finally, Brian enabled a configure time feature that would switch the
PAM service name based on the executable name. Now that I am thinking
about it, I think I would much prefer that it be disabled and a
CVSROOT/config option be used instead, if anything. That always grated
on me. But that doesn't affect your patch directly. Thanks for the
idea! :)
Derek
- --
~ *8^)
Email: derek@ximbiot.com
Get CVS support at <http://ximbiot.com>!
- --
If that plane leaves the ground and you're not with him, you'll regret
it. Maybe not today and maybe not tomorrow, but soon and for the rest
of your life.
- Humphrey Bogart as Rick, _Casablanca_
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Using GnuPG with Netscape - http://enigmail.mozdev.org
iD8DBQE/lnwMLD1OTBfyMaQRAlTlAJ9rLEkQsAfbrJkifmWrFJa3UO+RswCgm1BI
d1KoHm86MFt709twR5jDkjQ=
=EENV
-----END PGP SIGNATURE-----
Re: PAM support lacks pam_setcred() call, Brian Murphy, 2003/10/27
Re: PAM support lacks pam_setcred() call, Marc Singer, 2003/10/27