[Pkg-shadow-devel] Bug#747313: Bug#747313: login: Please move pam_selinux open call higher in the session PAM stack
kzak at redhat.com
Mon May 12 09:49:42 UTC 2014
On Wed, May 07, 2014 at 02:14:34PM +0200, Laurent Bigonville wrote:
> After looking at Fedora/CentOS ssh pam config file and talking with
> people upstream I think that the call to pam_selinux open should be
> moved higher in the session stack (just after pam_loginuid and before
> pam_keyinit to follow what Fedora is doing).
just for curiosity, why do you still use ligin(1) from shadow-utils?
Does it have any feature that is missing in util-linux login(1)?
Note that we spent a lot time to make util-linux login(1) compatible
with Suse, /etc/login.defs and to make it PAM-only etc.
Karel Zak <kzak at redhat.com>
More information about the Pkg-shadow-devel