Re: PAM-only login(1) - Ludwig Nussel

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Ludwig Nussel <ludwig.nussel@suse.de>
To: Karel Zak <kzak@redhat.com>
Cc: util-linux@vger.kernel.org, Thorsten Kukuk <kukuk@suse.de>
Subject: Re: PAM-only login(1)
Date: Mon, 22 Aug 2011 14:34:41 +0200	[thread overview]
Message-ID: <4E524CE1.5020502@suse.de> (raw)
In-Reply-To: <20110822120123.GC20457@nb.net.home>

Karel Zak wrote:
> On Mon, Aug 22, 2011 at 01:19:44PM +0200, Ludwig Nussel wrote:
>> Karel Zak wrote:
>>>   I'd like to clean up login(1) code for v2.21. The current code is
>>>   mess with many #ifdef and support for some unused (and badly tested) 
>>>   features (e.g. non-PAM support for /etc/securetty and /etc/usertty).
>>>
>>>   What about to finally create nice and readable PAM-only login(1) for
>>>   Linux?
>>
>> +1
>>
>> On openSUSE we already use a pam-only login program¹. It was forked
> 
> It would be nice to merge all back to util-linux and share the code
> rather than maintain forks.

Sure.

>> from util-linux > ten years ago AFAICT. It also includes features
>> from shadow-utils, like reading settings from /etc/login.defs.
> 
> Does make anything other than MAIL_DIR sense for login(1)?

That one isn't even used by our login. AFAICT the following settings are
honored:

DEFAULT_HOME
ENV_PATH
ENV_ROOTPATH
FAIL_DELAY
HUSHLOGIN_FILE
LOGIN_TIMEOUT
LOG_UNKFAIL_ENAB
MOTD_FILE
TTYGROUP
TTYPERM
TTYTYPE_FILE

I agree that most of them are either superfluous or could be handled by
pam modules. Probably interesting are LOGIN_TIMEOUT and
LOG_UNKFAIL_ENAB. The former is hard-coded in util-linux and the latter
feature is missing. It replaces unknown user names with "UNKNOWN" in the
logs.

cu
Ludwig

-- 
 (o_   Ludwig Nussel
 //\
 V_/_  http://www.suse.de/
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)

     prev parent reply	other threads:[~2011-08-22 12:34 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-08-12 11:57 PAM-only login(1) Karel Zak
2011-08-22 11:19 ` Ludwig Nussel
2011-08-22 12:01   ` Karel Zak
2011-08-22 12:34     ` Ludwig Nussel [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4E524CE1.5020502@suse.de \
    --to=ludwig.nussel@suse.de \
    --cc=kukuk@suse.de \
    --cc=kzak@redhat.com \
    --cc=util-linux@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.