[Pkg-shadow-devel] Bug#747313: Bug#747313: login: Please move pam_selinux open call higher in the session PAM stack

Laurent Bigonville bigon at debian.org
Mon May 12 10:08:02 UTC 2014

Le Mon, 12 May 2014 11:49:42 +0200,
Karel Zak <kzak at redhat.com> a écrit :

> On Wed, May 07, 2014 at 02:14:34PM +0200, Laurent Bigonville wrote:
> > After looking at Fedora/CentOS ssh pam config file and talking with
> > people upstream[0] I think that the call to pam_selinux open should
> > be moved higher in the session stack (just after pam_loginuid and
> > before pam_keyinit to follow what Fedora is doing).
> just for curiosity, why do you still use ligin(1) from shadow-utils?
> Does it have any feature that is missing in util-linux login(1)?
> Note that we spent a lot time to make util-linux login(1) compatible
> with Suse, /etc/login.defs and to make it PAM-only etc.

I've the same question for su actually, but I guess this is a bit out
of the scope of this bugreport.


Laurent Bigonville

More information about the Pkg-shadow-devel mailing list