Ralf S. Engelschall wrote:
On Wed, Oct 17, 2007, Douglas S. Summers wrote:
Ralf S. Engelschall wrote:
On Tue, Oct 16, 2007, Douglas S. Summers wrote:
I had proposed an addition for sudo.spec to include an option for using
AIX
authentication (--with-authenticate). When I installed 1.6.9p4 it was
there; now with 1.6.9p6 it's gone again. Any reason why?
According to the version control system there was _never_ a
--with-authenticate option in sudo.spec. I guess your old 1.6.9p4 was
a locally patched version only. The official OpenPKG "sudo" package
never provided this. Can you repost your proposed patch? Or is it such
AIX specific that it cannot be reasonably taken over into the official
OpenPKG "sudo" package?
Add --with-authenticate option for AIX. This seems to work much better than
PAM.
# package options
%option with_aixauth no
# add to end of configure line
%if "%{with_aixauth}" == "yes"
--with-authenticate \
%endif
Ah, I see. But as this %option is entirely platform-specific I don't
think it qualifies for being integrated directly into the package.
Because %options should be generic all usable across all platforms. The
only thing we could do is to _always_ build with --with-authenticate
under AIX (without any %option). Would this make sense? I don't know
this --with-authenticate in detail. What does it actually do?
It forces sudo to use whatever AIX has setup for its system
authentication (LDAP, DCE, GSA, local, etc.). I've found that PAM (only
working on AIX 5.3) doesn't play well with sudo.
Now...if someone were to use this option by mistake it would be
gracefully ignored during the build (already tried this on RHEL & Solaris).
Doug
______________________________________________________________________
OpenPKG http://openpkg.org
User Communication List openpkg-users@openpkg.org
