Re: PAM authentication patch - v2

[Mark D. Baushke]

Max Bowsher <maxb@ukf.net> writes:

> Brian Murphy wrote:
> >> +@example
> >> +cvs auth     required pam_unix.so
> >> +cvs account     required pam_unix.so
> >> +@end example
> >> +
> >> +The the equivalent @file{/etc/pam.d/cvs} would contain
> 
> What was the consensus about hardcoding "cvs" or using the name cvs was
> invoked with as the PAM id?
> 
> If the latter, maybe a note about that here?
> 
> I can see it possibly confusing people a *lot*.

It is entirely possible that a local administrator has already pressed
the 'cvs' PAM identifier into service for some other purpose (this is a
problem with using such a short acronym). For those administrators, it
should probably be a good idea for the PAM id to be able to be configured.

I would rather not see such an id be hardcoded at 'configure' time.
Rather, this is more likely to be something that should be set in the
CVSROOT/config file.

It should probably default to "cvs" and only administrators that have a
strong need set a non-default value. It should be well documented as to
how to change the default and that the examples are for the default PAM
configuration.

        Enjoy!
        -- Mark