On Wed, Mar 24, 2010 at 10:27:23AM +0100, Werner Fink wrote:
> On Mon, Mar 22, 2010 at 07:37:09PM +0100, Petter Reinholdtsen wrote:
> > Looking at the sysvinit bugs in Debian, I came across
> > <URL: http://bugs.debian.org/68621 > again, asking for PAM support in
> > sulogin. This sound like a good idea to me. Werner, what is your
> > view on this?
>
> Currently I've a few open points for PAM support ...
>
> Which processes should be enabled to use PAM?
> IMHO we may skip `+' with their own utmp/wtmp housekeeping
> Also the support could be used for system initial boot
> and runlevel changes together with the sulogin respawn entry
>
> Also I'm missing something like housekeeping of PAM sessions
> that is if a process has finised what happens to the PAM seesion?
>
> Then I've to use
>
> misc_conv()
>
> from libpam_misc which (hoepfully) isn't used :(
>
> Then the manual page of pam_setcred() told me that we shall use
> it *before* pam_open_session() ... which is currently reversed.
>
> Beside this we require a further file that is
>
> /etc/pam.d/init
>
> otherwise the stuff makes no sense.
OK, tested it out and had done some changes.
The file /etc/pam.d/init is required otherwise
the logon is not possible. Now my system is up
and running with new /sbin/init and with
a /etc/pam.d/init:
#%PAM-1.0
#
# The PAM configuration file for /sbin/init
#
#
auth sufficient pam_rootok.so
auth include common-auth
account include common-account
password include common-password
session include common-session
session requisite pam_lastlog.so noupdate
Werner
--
"Having a smoking section in a restaurant is like having
a peeing section in a swimming pool." -- Edward Burr
