On Wed, 2022-02-02 at 16:41 +0100, Thorsten Kukuk wrote:
On Wed, Feb 02, Joe Salmeri wrote:
Provide a rule with which the PAM module works in >> all scenarios.
Sorry but I don't know how to do that and also don't use LDAP or kerberos.
I'm confused when you say pam_cifscreds is an unknown module as it is installed from the main TW repository?
I didn't say that pam_cifscreds is an unknown module. If you mean that I don't know it: TW has 30.000 packages or so. So the chances that I don't know a package are really high.
It's badly documented and can only be added to pam-config if somebody explains me, how the stack needs to look like in all scenarios pam-config supports. I will not add a module where the result only works in some few cases and else is a security risk for the others. I don't know this module, and I don't use it and I don't use LDAP or kerberos. So I cannot find out how to configure it and test it.
No offense intended, but _you_ needing to understand every module sounds like a badly scalable design. It should be possible (and actually, mandatory for openSUSE PAM packages) to provide some sort of "plugin" for pam-config which describes the capabilities and dependencies of the module. Best regards, Martin