T o n g <mlist4sunt...@yahoo.com> writes: > I've successfully built a package, the building and installation was > fine. The problem is that when people use Debian packages, they tend to > assume that the package will work out of the box, whereas this pam-ssh- > agent-auth PAM module need a bit of post-install configuration before it > can be used, which I found at > http://www.evans.io/posts/ssh-agent-for-sudo-authentication/
> I.e., it need to configure 3 system files, /etc/sudoers, > /etc/pam.d/sudo, and /etc/ssh/sudo_authorized_keys. > I've trying to automate the configuration as much as possible and have > created patch files for /etc/sudoers, and /etc/pam.d/sudo: > etc/sudoers: http://paste.debian.net/12646/ > /etc/pam.d/sudo: http://paste.debian.net/12647/ For /etc/sudoers, the Debian sudo package supports loading configuration fragments dropped into /etc/sudoers.d. So you can just install the configuration fragment there. For the PAM configuration, do you have to install this module *only* for sudo and not for any other program? Normally, in Debian, you would use the pam-auth-update mechanism to customize common-auth, which handles things like skipping other modules if an overriding module succeeds. But that will of course affect common-auth for all PAM-enabled applications. If you need to customize *only* /etc/pam.d/sudo, I'm afraid that Debian Policy says you're not allowed to do that. Basically, configuration files are owned by a single package, and only that package may modify it. That package *can* provide an interface for modifications that other packages can use, but for this sort of thing, that's probably overkill. The typical thing to do in this sort of situation is to document the required modification in README.Debian; it's not entirely satisfactory, but sometimes there isn't another good option. -- Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87vc51pmb8....@windlord.stanford.edu