[Pkg-shadow-devel] Bug#747313: Bug#747313: login: Please move pam_selinux open call higher in the session PAM stack

Karel Zak kzak at redhat.com
Mon May 12 09:49:42 UTC 2014

On Wed, May 07, 2014 at 02:14:34PM +0200, Laurent Bigonville wrote:
> After looking at Fedora/CentOS ssh pam config file and talking with
> people upstream[0] I think that the call to pam_selinux open should be
> moved higher in the session stack (just after pam_loginuid and before
> pam_keyinit to follow what Fedora is doing).

just for curiosity, why do you still use ligin(1) from shadow-utils?
Does it have any feature that is missing in util-linux login(1)?

Note that we spent a lot time to make util-linux login(1) compatible
with Suse, /etc/login.defs and to make it PAM-only etc.


 Karel Zak  <kzak at redhat.com>

More information about the Pkg-shadow-devel mailing list