sysvinit-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PAM support? (Was: [sysvinit] Re: ?New sysvinit version 2.89dsf?)

From: Dr. Werner Fink
Subject: Re: PAM support? (Was: [sysvinit] Re: ?New sysvinit version 2.89dsf?)
Date: Thu, 1 Apr 2010 11:20:41 +0200
User-agent: Mutt/1.5.20 (2009-06-14) 
On Tue, Mar 30, 2010 at 02:55:26PM +0200, Werner Fink wrote:
> On Fri, Mar 26, 2010 at 08:24:08PM +0100, Petter Reinholdtsen wrote:
> > [Dr. Werner Fink]
> > > OK, tested it out and had done some changes.  The file
> > > /etc/pam.d/init is required otherwise the logon is not possible.
> > 
> > Why not change the pam_start() call to use "login" instead of "init",
> > to avoid the need for a new pam configuration file?
> > 
> > Btw, why is the pam stuff in init.c, and not in sulogin.c?
> 
> IMHO we should not use PAM in sulogin without any fallback
> otherwise we'd run into trouble in case of having en error
> in the PAM configuration.

I've just removed the PAM initial session code as sulogin
does not use any pam_conv() function but its own password
conversation function.  As sulogin uses getpwnam(3) it is
able to handle DES, MD5, SHA, and even Blowfish encrypted
passwords (just tested).  For the case of a failing getpwnam()
I've extended the valid() function to be able to handle
not only DES and MD5 but also SHA and Blowfish encrypted
passwords.

Attached I've a patch which uses PAM to update the lastlog file
in case of a dead PAM user session.  Should we apply this one?

     Werner

-- 
  "Having a smoking section in a restaurant is like having
          a peeing section in a swimming pool." -- Edward Burr

Attachment: notify-pam-dead.patch
Description: Text Data

reply via email to
[Prev in Thread] Current Thread [Next in Thread]