On Fri, Sep 15, 2006 at 10:59:07AM +0200, Erich Schubert wrote: > Hello Steve, > > Could you remind me why this module is specific to /etc/pam.d/ssh and > > /etc/pam.d/login, rather than something that should be enabled in the global > > config?
> AFAIK it's because login and ssh are interactive sessions. These might > be using different contexts (e.g. sysadm_r, staff_r, user_r), whereas > when logging into the imap server this differentiation is not necessary. > (well, I could imagine we would need it in courier and dovecot when > storing the mail in the users home folder?) > We definitely need some selinux wizard for that. Ok. What about cron, su, *dm, sudo, samba, ftp servers...? All of these processes change uids as well after authentication, do they also need selinux support? -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/
signature.asc
Description: Digital signature
