Subject: Re: [gentoo-dev] Pluggable Hell Part 2: Fixing everything up!
From: Martin Schlemmer
To: gentoo-dev@robin.gentoo.org
Organization: Gentoo Foundation
Date: Wed, 06 Apr 2005 23:38:55 +0200

On Wed, 2005-03-30 at 22:15 +0200, Diego "Flameeyes" Pettenò wrote:
> Ok, second part of my odyssey in PAM implementations.
> After a day searching for example config files and so on, I found out that
> Linux-PAM already supports the include syntax of openpam since version 0.78.
> This is useful to our needs, because it allows us to have a single
> configuration file which works on both openpam and linux-pam.
>
> The old syntax is that:
>
> class required pam_stack.so service=system-auth
>
> the new one should be:
>
> class include system-auth
>

Right, like I said this is the better idea in previous post (replied
before reading this one).

> Now, to start making the changes needed to have complete openpam/linuxpam
> intercompatibility, there's need of a few changes in tree:
> - we need a virtual/pam, which could be provided by linux-pam or by openpam;

Right. It should be profile specific I guess, as I am not sure we want
it on linux boxes to keep things simple.

> - we need an ebuild for openpam (I've written one, but still misses a few
> points, mainly for the missing things here stated)

And you/bsd_peeps will obviously maintain it.

> - we need a virtual/pam-modules which could be provided by linux-pam or by a
> new freebsd-pam-modules (they work also under linux as far as I know... I'll
> test that better when I'll have the other things working, now is a bit
> complicated to do), openpam will pdepend on freebsd-pam-modules to provide
> both in a simple way.

Why? What good will they do on linux? Just stick them in bsd profile.

> - not needed, but surely helpful, sys-libs/pam could be renamed to
> sys-libs/linux-pam, or sys-libs/Linux-PAM which is its exact spelling. This
> way we have a consistent naming scheme

Like I said before, only real reason why I will biatch about this one,
is it's called 'pam' on all linux distros, and it will be another lost
history (ok, so the workaround is a schlepp) case without real cause.

> - all the dependency on sys-libs/pam should be changed to virtual/pam (also if
> they use pam_stack.so under openpam, until we have fixed everything this
> could be worked around by the ones using openpam... initially only
> experimental users should use it, so they should be able to cope with broken
> configuration files, see next point for solution)

Well, the first thing will be more testing to get Linux-PAM-0.78 stable,
and then go through the tree - think that will be more the deciding
factor than bsd (who cares about bsd anyhow :P).

> - the new ebuilds should add a new configuration file with the new syntax, and
> should depend on: || ( >=sys-libs/pam-0.78 virtual/pam ).
> This would fix the
> previous point, as who is using openpam will use the ~arch packages which
> will be fixed one by one (by me, submitting patches to maintainers), this way
> the packages will work out-of-the-box for both g/linux and g/fbsd users (I
> haven't searched on macosx, but should be, as they have the same userlands of
> fbsd).
>

Ugh, no - just more crud that somebody will have to clean out later.
Like I said, get pam-0.78 and issues fixed, bumped to stable on all
linux archs, and we can scourge the tree.

> I'll work anyway on a pam_stack hack for openpam, also if I'm not sure if,
> when and how I'll be able to make it work... also I don't like too much
> messing with security stuff :/
>

Sorry, you are on your own here.

> Well.. if there's someone (lu_zero? :) ) which doesn't like this solution...
> comments accepted :)
>

Thanks,

--
Martin Schlemmer
Gentoo Linux Developer, Desktop/System Team Developer
Cape Town, South Africa
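
The pam_stack.so to include rewrite quoted in the message above, as an added example (not part of the original post or of any Gentoo tooling): a small Python converter that rewrites only lines matching the quoted old form and reports every other pam_stack line for manual review. The function names, the service-name check and the sample file are assumptions made for illustration.

```python
import re

# One pam.d entry: <class> <control> <module> [args...]
PAM_LINE = re.compile(
    r"^\s*(?P<cls>auth|account|password|session)\s+"
    r"(?P<control>\[[^\]]*\]|\S+)\s+(?P<module>\S+)(?P<args>.*)$"
)
SAFE_SERVICE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*$")  # no path separators

def convert_line(line):
    """Return (line, note); note explains why a pam_stack line was left alone."""
    body, sep, comment = line.partition("#")
    m = PAM_LINE.match(body.rstrip())
    if not m or m.group("module").rsplit("/", 1)[-1] != "pam_stack.so":
        return line, None  # not a pam_stack entry: untouched
    args = m.group("args").split()
    services = [a[len("service="):] for a in args if a.startswith("service=")]
    extra = [a for a in args if not a.startswith("service=")]
    if len(services) != 1 or not SAFE_SERVICE.match(services[0]):
        return line, "missing, repeated or unusual service= value"
    if m.group("control") != "required" or extra:
        # 'class include file' has no slot for a control flag or module args
        return line, "control flag or extra arguments need manual review"
    new = f"{m.group('cls')} include {services[0]}"
    return (new + "  #" + comment if sep else new), None

def convert_config(text):
    """Convert a whole pam.d file; return (new_text, [(lineno, note), ...])."""
    out, notes = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        new, note = convert_line(line)
        out.append(new)
        if note:
            notes.append((lineno, note))
    return "\n".join(out) + "\n", notes

# Constructed sample of an old-style service file (not from the Gentoo tree).
SAMPLE = """\
#%PAM-1.0
auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
account    sufficient   pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth debug
password   required     pam_stack.so service=system-auth  # shared stack
"""

if __name__ == "__main__":
    print(*convert_config(SAMPLE), sep="\n")
```

Lines 4 and 5 of the sample are left unchanged and reported, because the include form has nowhere to carry a `sufficient` flag or a `debug` argument.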