sysvinit-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PAM support? (Was: [sysvinit] Re: ?New sysvinit version 2.89dsf?)

From: Dr. Werner Fink
Subject: Re: PAM support? (Was: [sysvinit] Re: ?New sysvinit version 2.89dsf?)
Date: Tue, 30 Mar 2010 14:51:07 +0200
User-agent: Mutt/1.5.20 (2009-06-14) 
On Wed, Mar 24, 2010 at 06:44:12PM +0100, Petter Reinholdtsen wrote:
> [Dr. Werner Fink]
> > Currently I've a few open points for PAM support ...
> > 
> >  Which processes should be enabled to use PAM?
> >    IMHO we may skip `+' with their own utmp/wtmp housekeeping
> >    Also the support could be used for system initial boot
> >    and runlevel changes together with the sulogin respawn entry
> 
> I have not investigated this PAM patch, but my initial thought would
> be to use pam only for the sysvinit stuff that need to ask for a user
> password (single user), to make sure any pam authentication method
> will work to get root access in an emergency.

I've found on http://src.opensolaris.org/ that for
http://src.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/cmd/init/init.c
only a potential PAM session on the tty line is closed,
nothing more and nothing less.  The file
http://src.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/cmd/sulogin/sulogin.c
does not use PAM at all. And indeed I've found that the
sulogin remains without PAM as any error within /etc/pam.d/
configuration would make it impossible for root to logon
in an emergency case to fix e.g. the PAM configuration.


    Werner

-- 
  "Having a smoking section in a restaurant is like having
          a peeing section in a swimming pool." -- Edward Burr
reply via email to
[Prev in Thread] Current Thread [Next in Thread]