On Thu, Jun 21, 2007 at 03:59:46PM +0200, Petter Reinholdtsen wrote: > Package: libpam-runtime > Version: 0.79-4
> For hal/dbus to know if the request for action is coming from a user > on the console (aka in front of the machine), a method to discover > this is required. In Redhat the pam_console module is used for this, > but it has a few race conditions. In Ubuntu the pam_foreground module > is used for this. It do not have the race problems, and seem like a > better implementation of the same idea. > Getting hal/dbus to properly handle at_console access checks was > requried for Debian Edu, and we implemented this by installing the > libpam-foreground package and modifying /etc/pam.d/common-session to > make it an optional module. The result should look like this: > session optional pam_foreground.so > session required pam_unix.so > The change from the current default is the extra pam_foreground.so > line. Please make this the default configuration for pam. If the > libpam-foreground is missing, the pam config will still work, and the > only negative effect will be that the at_console access check isn't > working. There is another negative effect to enabling this module by default, which is that it will fill the auth log with warnings about missing modules for every session request. In pam 1.0.1-3 and above, a new interface will be available, pam-auth-update, that allows module packages to declare themselves to the system so that they can be added automatically to /etc/pam.d/common-* (automatically, if appropriate). pam_foreground should use this instead. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer http://www.debian.org/ [EMAIL PROTECTED] [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
