Bug#734818: enable pam_keyinit by default
Russ Allbery
rra at debian.org
Tue May 6 16:12:59 UTC 2014
Laurent Bigonville <bigon at debian.org> writes:
> On Fedora they are using:
> session optional pam_keyinit force revoke
force revoke looks good to me. I'm not sure that force is necessary, but
it's probably a good idea in general.
> As it's only available on linux architectures, I was thinking of adding
> a '-' at the beginning of the call. Do you think this is OK for Debian?
Yes, although this is where it would be nice if this could somehow be
handled by pam-auth-update so that the PAM module wouldn't be configured
at all on systems that don't have it.
> I guess it should be the same in all the initial login pam services.
I think so, yes.
Thanks for looking at this!
--
Russ Allbery (rra at debian.org) <http://www.eyrie.org/~eagle/>
More information about the pkg-gnome-maintainers
mailing list