[RFH] Review of SDDM’s PAM configuration
Sam Hartman
hartmans at debian.org
Mon Jan 6 18:18:52 GMT 2025
>>>>> "Aurélien" == Aurélien COUDERC <coucouf at debian.org> writes:
Aurélien> Dear Sam, I recently noticed that we ship Debian-specific
Aurélien> PAM configuration for SDDM because upstream were dropping
Aurélien> [1] what they previously had in their repo for Debian
Aurélien> (that we were already overriding anyway).
Aurélien> I have very little knowledge about the PAM stack so I
Aurélien> would like to kindly ask you if you could do an in depth
Aurélien> review of what we ship [2] for SDDM.
The files we ship generally appear reasonable.
I didn't refresh my knowledge of how sddm works, and for example how
pam_keyinit.so works differently than gnome keyring etc etc.
I was puzzled at one line though:
>From the sddm pam config:
auth required pam_succeed_if.so user != root quiet_success
What do you expect that to do/why is it there?
I did *not* audit the pam config you are shipping against the upstream
non-debian pam config.
That's beyond the level of effort I am willing to put in; that's kind of
hard.
More information about the pkg-kde-talk
mailing list