> Op 31 okt. 2014, om 03:59 heeft ChenQi <qi.c...@windriver.com> het volgende > geschreven: > > On 10/30/2014 09:27 PM, Koen Kooi wrote: >>> Op 30 okt. 2014, om 10:08 heeft Chen Qi <qi.c...@windriver.com> het >>> volgende geschreven: >>> >>> systemd needs this file to be there because one of its configuration file >>> in pam.d, systemd-user, requires it. Otherwise, we would have errors like >>> below. >>> >>> systemd: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth >> Isn't it the same as 'common-auth'? ISTR this is due to debian vs fedora >> naming of PAM stuff. I think it would make more sense to check what systemd >> actually wants and then see if a symlink to common-auth or patching systemd >> to use common-auth is the right answer instead of blindly adding system-auth. >> >> regards, >> >> Koen >> > > Hi Koen, > > An alternative is to patch systemd's source code to change the systemd-user > configuration file. > > In fact, I have seen patches in OE whose purpose is merely changing > 'system-auth' to 'common-auth' in the pam configuration files of the packages. > > So we have two options here: > 1. Provide system-auth > 2. Patch packages that make use of system-auth and maintain those patches. > > I think solution 1 is more reasonable but if you and other people in > community think that solution 2 can bring us more benefits, I can send out a > patch using solution 2.
Solution 1) introduces a new PAM file that seems to do the same as one of the common-<foo> files we have. So from a reuse and maintainability standpoint 2) would be better. regards, Koen > > Best Regards, > Chen Qi > >>> Signed-off-by: Chen Qi <qi.c...@windriver.com> >>> --- >>> meta/recipes-extended/pam/libpam/pam.d/system-auth | 12 ++++++++++++ >>> meta/recipes-extended/pam/libpam_1.1.6.bb | 1 + >>> 2 files changed, 13 insertions(+) >>> create mode 100644 meta/recipes-extended/pam/libpam/pam.d/system-auth >>> >>> diff --git a/meta/recipes-extended/pam/libpam/pam.d/system-auth >>> b/meta/recipes-extended/pam/libpam/pam.d/system-auth >>> new file mode 100644 >>> index 0000000..ffb08ab >>> --- /dev/null >>> +++ b/meta/recipes-extended/pam/libpam/pam.d/system-auth >>> @@ -0,0 +1,12 @@ >>> +# This file comes from systemd. >>> + >>> +auth sufficient pam_unix.so nullok try_first_pass >>> + >>> +account required pam_nologin.so >>> +account sufficient pam_unix.so >>> + >>> +password sufficient pam_unix.so nullok sha512 shadow try_first_pass >>> try_authtok >>> + >>> +-session optional pam_loginuid.so >>> +-session optional pam_systemd.so >>> +session sufficient pam_unix.so >>> diff --git a/meta/recipes-extended/pam/libpam_1.1.6.bb >>> b/meta/recipes-extended/pam/libpam_1.1.6.bb >>> index a84e51e..0910b6f 100644 >>> --- a/meta/recipes-extended/pam/libpam_1.1.6.bb >>> +++ b/meta/recipes-extended/pam/libpam_1.1.6.bb >>> @@ -17,6 +17,7 @@ SRC_URI = >>> "http://linux-pam.org/library/Linux-PAM-${PV}.tar.bz2 \ >>> file://pam.d/common-session \ >>> file://pam.d/common-session-noninteractive \ >>> file://pam.d/other \ >>> + ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', >>> 'file://pam.d/system-auth', '', d)} \ >>> file://libpam-xtests.patch \ >>> file://destdirfix.patch \ >>> file://fixsepbuild.patch \ >>> -- >>> 1.9.1 >>> >>> -- >>> _______________________________________________ >>> Openembedded-core mailing list >>> Openembedded-core@lists.openembedded.org >>> http://lists.openembedded.org/mailman/listinfo/openembedded-core >>> >> > > -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core