]] Jerome BENOIT > On 29/06/13 09:44, Tollef Fog Heen wrote: > > ]] Jerome BENOIT > > > > > >> Nevertheless, a less egocentric reading of the PAM policy let me guess that > >> the priority may be higher but less than 256 (``local authentication''); > >> for the lower bound, as it makes sense that a ``strong measures'' module > >> needs a relevant effective TMPDIR, I guess that the priority must be > >> strictly > >> greater then 128. On the other hand, libpam-tmdir may implicitly need some > >> prerequirements while postrequirements may be needed as well: > >> rooms must be provided before and after. Therefrom, a priority of > >> > >> 128+(256-128)/2=192 > >> > >> for libpam-tmpdir sounds reasonable wrt the Ubuntu documents cited above. > > > > I agree that the priority should probably be higher, but I don't think > > your reasoning holds, since it's not an authentication module, it's a > > session module, so any priority change won't really help you, if you do > > your work in the auth phase (which I think you are?). > > Let me to be egocentric again. > > pam_ssh(8) has both `auth' and `session' features: > the SSH agent is initiated during the `session' part.
Ok, then it ought to work. [...] > >> Do you plane to fix this issue soon ? > > > > I wasn't planning on changing it until we have some reasonable specs to > > go by, so we don't have uncoordinated priorities being set. > > This sounds reasonable: to which door may we knock in view to clarify the > point ? I've asked Steve Langasek (who wrote the original spec) to comment, both in my original reply to you and on my last and this followup. Cheers, -- Tollef Fog Heen UNIX is user friendly, it's just picky about who its friends are -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
