Re: [opensuse-factory] vote for enhancement 943474
You can use the pam.d/common-session-local file too, you could include this file in the main common-session file. In some situations the order of the entries in the common configs files is important. pam-config knows that for its supported modules. In my case pam_yubico.so needs the first position in common-auth. At witch position could you add your config in common-session? Torsten Am 31.08.2015 um 09:40 schrieb Daniel Pecka:
Hello,
current situation is like this (similar to the other config files managed by yast): you can either choose a manual editing OR yast/authconfig/pam-config editing .. To support pam.d/common-session-local (+ maybe few more -local files) seems to me like the most easy solution.
When somebody starts adding adding a -local rules we could presume, that he/she knows good what he/she 's doing ..
Current settings just lead to the state, when changes are added globally which is not exactly the best solution.
regards, daniel
S Pozdravem / Best Regards -------------------------------------------------------
Daniel Pecka - dpecka@opensuse.org SCSA, SCNA, RHCE, CLP
On Mon, Aug 31, 2015 at 9:24 AM, Torsten Gruner
wrote: Yes, pam-config needs some new features. I have an easier problem with pam_u2f.so and pam_yubico.so. My first solution was to add this modules to pam-config, but what you want is much more difficult to support it with the idea of pam-config. And an other restriction is the static control field. No choise for required or sufficent or [ default=1 ... ].
We need a solution to support user settings. My suggestion is to parse the config files for unknown entries and add a key comment header to mark it as user settings. A switch could turn on or off the user settings to get a safe and stable state in the hole PAM configuration.
Torsten
Am 29.08.2015 um 02:50 schrieb Daniel Pecka:
Hello geeko minions,
I've been told on irc to advocate for my enhancement request also like this here, so doing it ..
You can find my proposal at: https://bugzilla.suse.com/show_bug.cgi?id=943474
I think it's reasonable ... Let's go and be one step forward before our competitors and other foes :) ..
regards, daniel
S Pozdravem / Best Regards -------------------------------------------------------
Daniel Pecka - dpecka@opensuse.org SCSA, SCNA, RHCE, CLP
-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
participants (1)
-
Torsten Gruner