Hi Thorsten, I submitted a bug report on this and Yifan created patch but it seems to be held up. What needs to be done to get this fixed? Also, why is the default pam config /usr/lib/pam.d instead of /usr/etc/pam.d? I thought the plan was for the defaults to be in /usr/etc and that /etc would eventually only contain administrator changes/overrides to configs similar to what ClearLinux does. Thanks Joe

Hi, On Wed, Feb 15, Joe Salmeri wrote:

Hi Thorsten,

I submitted a bug report on this and Yifan created patch but it seems to be held up.

What needs to be done to get this fixed?

You need to ask upstream xrdp developers, it seems like they misunderstood the concept of how pam is looking for the configuration files.

Also, why is the default pam config /usr/lib/pam.d instead of /usr/etc/pam.d?

For exact the reasons which did lead to this bug ;) PAM uses the following search path: /etc/pam.d /usr/lib/pam.d <vendordir>/pam.d Where <vendordir> is /usr/etc on openSUSE. The problem are applications, which thinks they are more clever than PAM and add additional "security" checks, but don't follow the logic of PAM and break everything :( So while the majority of this broken applications are at leat aware of /usr/lib/pam.d, none of them is aware of /usr/etc/pam.d ...

I thought the plan was for the defaults to be in /usr/etc and that /etc would eventually only contain administrator changes/overrides to configs similar to what ClearLinux does.

This is still the case, we just used an upstream directory in this case instead of /usr/etc/pam.d to avoid such problems as you see now with xrdp. The general rule is still: 1. Don't install anything in /etc 2. Prefer an upstream directory in /usr if that exists already to avoid such problems and to avoid the need to patch many packages and to stay compatible with upstream documentation, to not confuse users too much. 3. Use /usr/etc else Thorsten -- Thorsten Kukuk, Distinguished Engineer, Senior Architect, Future Technologies SUSE Software Solutions Germany GmbH, Frankenstraße 146, 90461 Nuernberg, Germany Managing Director: Ivo Totev, Andrew Myers, Andrew McDonald, Martje Boudien Moerman (HRB 36809, AG Nürnberg)

On Thu, Feb 16, Joe Salmeri wrote:

Hi Thorsten,

Thanks for the explanation and "general rules".

It would be nice if there was more consistency though instead of 2 places to look for the "default" configs with some being in /usr/lib/ vendor directory and others putting them in /usr/etc.

It's even worse, we also have /usr/share/...

Personally I wish there would be one standard.

I could make an argument both /usr/lib and /usr/etc which I presume is how things got to this situation where both are used OR am possibly I am not considering some other reason.

The problem was, there were already many different package specific "vendor" directories before we started and nobody was interested in unifying them. And nobody wants to change all this well known and documented directories only for openSUSE, because then we are again incompatible to the rest of the world... So we could only create a new one for the missing stuff. Thorsten -- Thorsten Kukuk, Distinguished Engineer, Senior Architect, Future Technologies SUSE Software Solutions Germany GmbH, Frankenstraße 146, 90461 Nuernberg, Germany Managing Director: Ivo Totev, Andrew Myers, Andrew McDonald, Martje Boudien Moerman (HRB 36809, AG Nürnberg)