New Linux-PAM release?
by Thorsten Kukuk
Hi,
with all the last bigger changes, I think we should release
a new Linux-PAM version?
I would suggest 1.3.0 as version number.
Any comments?
Thorsten
--
Thorsten Kukuk, Senior Architect SLES & Common Code Base
SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nuernberg, Germany
GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
7 years, 11 months
Replace prompting in pam_unix with pam_get_authtok() calls
by Tomas Mraz
The attached patch simplifies pam_unix with pam_get_authtok() calls
instead of its own implementation. It was necessary to remove the
support for not_set_pass option which is not much useful anyway. On the
other hand it got support for authtok_type= option nearly for free.
I've also improved prompting in pam_get_authtok() to add support for
the authtok_type when getting the old password from the user.
OK to commit?
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
(You'll never know whether the road is wrong though.)
8 years
[linux-pam] #54: Make strings used on login screen user-friendly
by fedora-badges
#54: Make strings used on login screen user-friendly
--------------------------+------------------------------
Reporter: catanzaro | Owner: pam-developers@…
Type: enhancement | Status: new
Priority: minor | Component: modules
Version: 1.2.x | Keywords:
Blocked By: | Blocking:
--------------------------+------------------------------
Hi,
For Fedora Workstation we would like to make some changes to strings in
Linux-PAM that appear on the login screen, to make the user experience a
bit more simple. Some of these strings contain technical terminology that
we'd like to remove:
"You are required to change your password immediately (root enforced)."
The problem with this string is that we expect users do not understand
what a root account is.
"(current) UNIX password:" "Enter new UNIX password:" "Retype new UNIX
password:" The problem with these strings is that we do not expect users
to understand what UNIX is. A user might become confused as to how a UNIX
password differs from a normal password, and not realize they are the same
thing.
At first I thought we might want to add an opt-in configuration setting to
tell PAM to avoid technical terminology in its prompts, in order to avoid
changing the strings sent to command-line applications like passwd (where
the user is expected to understand concepts like UNIX and root), but since
the required changes are so simple, I think it's probably best to avoid
this...?
--
Ticket URL: <https://fedorahosted.org/linux-pam/ticket/54>
linux-pam <http://fedorahosted.org/linux-pam>
The Linux-PAM (Pluggable Authentication Modules) project
8 years
[linux-pam] #46: Fix build with musl libc
by fedora-badges
#46: Fix build with musl libc
----------------------+------------------------------
Reporter: yousong | Owner: pam-developers@…
Type: defect | Status: new
Priority: major | Component: library
Version: | Keywords:
Blocked By: | Blocking:
----------------------+------------------------------
Hi, patch files in the attachments are produced when building libpam
within OpenWrt. Not long ago, OpenWrt switched to musl as the default
libc which is relatively and different from other implementations, e.g.
crypt() function is part of musl-libc itself, many old functions are
dropped from the implementation, etc.
--
Ticket URL: <https://fedorahosted.org/linux-pam/ticket/46>
linux-pam <http://fedorahosted.org/linux-pam>
The Linux-PAM (Pluggable Authentication Modules) project
8 years
Patches from ticket #46
by Thorsten Kukuk
Hi,
There is the ticket #46:
https://fedorahosted.org/linux-pam/ticket/46
Fix build with musl libc
The documentation to the patches are pretty bad :(, but
there is some usefull/correct stuff, that's why I want to
discuss them here:
0001-build-use-host_cpu-for-lib64-directory-handling.patch
I think the patch is correct, we should not use uname but the
autoconf $host_cpu variable. Else the options the user specifies
are ignored.
0002-build-ignore-pam_rhosts-if-neither-ruserok-nor-ruser.patch
While the idea behind the patch is Ok, the patch itself is crap.
I wouldn't add that patch as long as nobody rewrites it to do it
the same way as we do for the other modules.
0003-build-ignore-pam_lastlog-when-logwtmp-is-not-availab.patch
Same here.
0004-build-fix-build-when-crypt-is-not-part-of-crypt_libs.patch
The patch is correct, fixes a real bug and should be commited.
0005-build-fix-doc-build.patch
I'm strongly against that patch, it can break everything. If I want
to compile a git checkout and not from the official sources, I should
have the minimal required tools for this.
0006-build-build-xxx_MANS-only-if-ENABLE_REGENERATE_MAN.patch
I'm unsure about this patch. Looks correct, but I'm not sure
about side effects.
0007-modules-check-if-innetgr-is-available-at-compile-tim.patch
That patch is fine for me.
0008-pam_unix-fix-compilation-in-case-rpc-rpc.h-is-missin.patch
This patch doesn't make any sense to me. If HAVE_NIS is defined,
but rpc/rpc.h does not exist, we will still include rpc/rpc.h. So
this patch cannot fix anything. I would reject that.
0009-pam_exec-fix-build-when-strndupa-is-not-available.patch
I don't like that patch at all.
Your comments?
I would like to apply Patch 1, 4 and 7 and close that report.
Thorsten
--
Thorsten Kukuk, Senior Architect SLES & Common Code Base
SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nuernberg, Germany
GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
8 years