[PATCH] pam service installation
Oswald Buddenhagen
ossi at kde.org
Sun Oct 27 04:31:21 GMT 2002
four days on kde-core-devel == enough people looked at it, nobody
noticed any problems, but nobody dares to be the one who said "ok",
right? ok ... :)
On Wed, Oct 23, 2002 at 05:27:11AM +0200, Oswald Buddenhagen wrote:
> heya,
>
> this patch makes mkpamserv filter out the pam_securetty module, as
> installing it will usually lead to users not being able to log in as
> root. kdm has a simpler method to restrict root logins.
> still, i don't really like that there is a single blacklisted module ...
> a better solution would be whitelisting all modules that are known to be
> safe. anbody experienced real problems with the current approach?
>
> please check if the code it halfways portable (linux, solaris, freebsd).
>
> Index: mkpamserv
> ===================================================================
> RCS file: /home/kde/kdebase/mkpamserv,v
> retrieving revision 2.3
> diff -u -r2.3 mkpamserv
> --- mkpamserv 2001/12/14 14:21:39 2.3
> +++ mkpamserv 2002/10/23 03:06:12
> @@ -18,7 +18,7 @@
> for sv in kde login; do
> if test -r /etc/pam.d/$sv; then
> echo "Copying PAM service definition file \"$sv\" to \"$1\"."
> - cp /etc/pam.d/"$sv" /etc/pam.d/$1
> + sed -e 's/^\( *[^#].*pam_securetty\)/#\1/' < /etc/pam.d/$sv > /etc/pam.d/$1
> exit 0
> fi
> done
> @@ -30,7 +30,7 @@
> exit 1
> fi
> for sv in kde login; do
> - serv=`grep "^$sv[ ]" /etc/pam.conf`
> + serv=`grep "^$sv[ ]" /etc/pam.conf | grep -v pam_securetty`
> if test -n "$serv"; then
> echo "Copying service definition entry \"$sv\" to \"$1\"."
> echo >>/etc/pam.conf
>
> should i commit?
>
> greetings
>
--
Hi! I'm a .signature virus! Copy me into your ~/.signature, please!
--
Chaos, panic, and disorder - my work here is done.
More information about the kde-core-devel
mailing list