[PATCH] pam service installation

Oswald Buddenhagen ossi at kde.org
Wed Oct 23 04:27:11 BST 2002


this patch makes mkpamserv filter out the pam_securetty module, as
installing it will usually lead to users not being able to log in as
root. kdm has a simpler method to restrict root logins.
still, i don't really like that there is a single blacklisted module ...
a better solution would be whitelisting all modules that are known to be
safe. anbody experienced real problems with the current approach?

please check if the code it halfways portable (linux, solaris, freebsd).

Index: mkpamserv
RCS file: /home/kde/kdebase/mkpamserv,v
retrieving revision 2.3
diff -u -r2.3 mkpamserv
--- mkpamserv	2001/12/14 14:21:39	2.3
+++ mkpamserv	2002/10/23 03:06:12
@@ -18,7 +18,7 @@
     for sv in kde login; do
 	if test -r /etc/pam.d/$sv; then
 	    echo "Copying PAM service definition file \"$sv\" to \"$1\"."
-	    cp /etc/pam.d/"$sv" /etc/pam.d/$1
+	    sed -e 's/^\( *[^#].*pam_securetty\)/#\1/' < /etc/pam.d/$sv > /etc/pam.d/$1
 	    exit 0
@@ -30,7 +30,7 @@
 	exit 1
     for sv in kde login; do
-	serv=`grep "^$sv[ 	]" /etc/pam.conf`
+	serv=`grep "^$sv[ 	]" /etc/pam.conf | grep -v pam_securetty`
 	if test -n "$serv"; then
 	    echo "Copying service definition entry \"$sv\" to \"$1\"."
 	    echo >>/etc/pam.conf

should i commit?


Hi! I'm a .signature virus! Copy me into your ~/.signature, please!
Chaos, panic, and disorder - my work here is done.

More information about the kde-core-devel mailing list