|
From: | Derek Robert Price |
Subject: | Re: PAM authentication patch - v2 |
Date: | Tue, 29 Apr 2003 11:10:02 -0400 |
User-agent: | Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.2) Gecko/20030208 Netscape/7.02 |
Brian Murphy wrote:
Mark D. Baushke wrote:Cool. Nice to see.The patch applies cleanly and auto-detects PAM support. I have fully tested it on FreeBSD (where is passes all of the regression tests in sanity.sh), and test-compiled it on Redhat 7.3 GNU/Linux and Solaris 7.
Thanks for testing, Mark.
I suspect that the AC_HELP_STRING for --enable-pam should reallyindicate that it will be enabled if it is detected.Can do if necessary. I would prefer to wait with another spin until all the remaining issues are resolved and then submit one final version (if required)+ [Use to enable system authentication with PAM instead of using the + simple getpwnam interface. This allows authentication (in theory) + with any PAM module, e.g. on systems with shadow passwords or via LDAP]), ,The text probably needs to be rewritten as something like this: [Use to enable system authentication with PAM instead of using the simple getpwnam interface (default). This allows authentication (in theory) with any PAM module (e.g., on systems with shadow passwords or via LDAP). Use --disable-pam to disable this feature.]), ,When consensus is reached I will rewrite (or the person who applies the patch can do it).
If PAM is enabled when detected, the AC_HELP_STRING should indicate that, but since the voting developers are effectively tied on this issue, I will concede Mark's suggestion to have PAM disabled by default and wait for feedback before switching the default to enabled.
This is fine. I would like to hear other people opinions on this and I will not object if the consensus is to disable PAM detection per default without the extraTo be honest, I am not in favor of this being the default (this is probably not a big surprise to you). I'd rather that the HAVE_PAM logic be separate from USE_PAM logic. It may be that I am only stating the minority opinion, but I think it is worth raising this point for consideration.option to configure.They were with the previous patch version. I just forgot to give -N to diff. Just give me the word and I will send a new complete patch but you can just edit the previous patch to extract the necessary. I think I have wasted enough bandwithBTW: You will probably want to send the contrib/pam directory contents separately or diff them each against /dev/null or something... I suppose that Derek could create the pam directory in contrib to make life easier for you.already ;-). /Brian
I will try to test and review the patch myself in the next few days. Derek -- *8^) Email: derek@ximbiot.com Get CVS support at <http://ximbiot.com>! -- Do not walk behind me, for I may not lead. Do not walk ahead of me, for I may not follow. Do not walk beside me, either. Just leave me alone.
[Prev in Thread] | Current Thread | [Next in Thread] |