Bug#734818: enable pam_keyinit by default
Steve Langasek
vorlon at debian.org
Tue May 6 16:36:59 UTC 2014
On Tue, May 06, 2014 at 09:12:59AM -0700, Russ Allbery wrote:
> Laurent Bigonville <bigon at debian.org> writes:
> > On Fedora they are using:
> > session optional pam_keyinit force revoke
> force revoke looks good to me. I'm not sure that force is necessary, but
> it's probably a good idea in general.
> > As it's only available on linux architectures, I was thinking of adding
> > a '-' at the beginning of the call. Do you think this is OK for Debian?
> Yes, although this is where it would be nice if this could somehow be
> handled by pam-auth-update so that the PAM module wouldn't be configured
> at all on systems that don't have it.
As discussed on IRC, we don't want this to silently fail on Linux systems
because of some unrelated bug; that will just cause difficult-to-diagnose
problems. Since the module will be present on all Linux systems, it's
better to ship a different pam config on Linux vs. non-Linux architectures,
which can be done fairly easily without duplication using dh-exec.
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
slangasek at ubuntu.com vorlon at debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnome-maintainers/attachments/20140506/a4c107f9/attachment.sig>
More information about the pkg-gnome-maintainers
mailing list