[PATCH] pam service installation
Oswald Buddenhagen
ossi at kde.org
Wed Oct 23 04:27:11 BST 2002
heya,
this patch makes mkpamserv filter out the pam_securetty module, as
installing it will usually lead to users not being able to log in as
root. kdm has a simpler method to restrict root logins.
still, i don't really like that there is a single blacklisted module ...
a better solution would be whitelisting all modules that are known to be
safe. anbody experienced real problems with the current approach?
please check if the code it halfways portable (linux, solaris, freebsd).
Index: mkpamserv
===================================================================
RCS file: /home/kde/kdebase/mkpamserv,v
retrieving revision 2.3
diff -u -r2.3 mkpamserv
--- mkpamserv 2001/12/14 14:21:39 2.3
+++ mkpamserv 2002/10/23 03:06:12
@@ -18,7 +18,7 @@
for sv in kde login; do
if test -r /etc/pam.d/$sv; then
echo "Copying PAM service definition file \"$sv\" to \"$1\"."
- cp /etc/pam.d/"$sv" /etc/pam.d/$1
+ sed -e 's/^\( *[^#].*pam_securetty\)/#\1/' < /etc/pam.d/$sv > /etc/pam.d/$1
exit 0
fi
done
@@ -30,7 +30,7 @@
exit 1
fi
for sv in kde login; do
- serv=`grep "^$sv[ ]" /etc/pam.conf`
+ serv=`grep "^$sv[ ]" /etc/pam.conf | grep -v pam_securetty`
if test -n "$serv"; then
echo "Copying service definition entry \"$sv\" to \"$1\"."
echo >>/etc/pam.conf
should i commit?
greetings
--
Hi! I'm a .signature virus! Copy me into your ~/.signature, please!
--
Chaos, panic, and disorder - my work here is done.
More information about the kde-core-devel
mailing list