|
|
| Line 1: |
Line 1: |
| {{Ebuild | | == Recently Modified Ebuilds == |
| |Summary=Base configuration files for different PAM implementations | | |
| |CatPkg=sys-auth/pambase | | {{#ask: [[Category:Ebuilds]] |
| | | order=descending |
| | | sort=Modification date |
| | | format=list |
| | | limit=100 |
| | | searchlabel= |
| }} | | }} |
| == Current design ==
| |
| === Installed files ===
| |
| Currently the following files are installed by pambase:
| |
|
| |
|
| <pre>
| | == All Ebuilds == |
| /etc/pam.d/login
| |
| /etc/pam.d/passwd
| |
| /etc/pam.d/su
| |
| /etc/pam.d/system-auth
| |
| /etc/pam.d/system-login
| |
| /etc/pam.d/system-local-login
| |
| /etc/pam.d/system-remote-login
| |
| /etc/pam.d/system-services
| |
| /etc/pam.d/other
| |
| </pre>
| |
|
| |
|
| The files starting with 'system' prefix are intended to be used by other PAM files. In particular:
| | {{#ask: [[Category:Ebuilds]] |
| | | | format=category |
| # ''system-auth'' is used whenever user authentication is desired. It is included in PAM files for account manipulation tools (''passwd'', ''chsh'', ...), authenticated daemons (''imap'', ''pop3''), ''xscreensaver'' (for screen locking) and ''system-login''.
| | }} |
| # ''system-login'' is used whenever login is done. It is currently included only in ''system-local-login'' and ''system-remote-login''.
| |
| # ''system-local-login'' is used whenever local system login is performed. It is used by ''login'' and display managers.
| |
| # ''system-remote-login'' is used whenever remote system login is performed. It is used by ''sshd''.
| |
| # ''system-services'' is used whenever system daemons are started. It is used by ''start-stop-daemon'' and systemd.
| |
| | |
| === How files are generated ===
| |
| The pambase Makefile generates the above files using traditional C preprocessor on top of templates. The preprocessor is provided with defines matching USE flags of choice. The processed files are then installed to user systems.
| |
| | |
| === Problems with the current system ===
| |
| The problems with the current system are:
| |
| | |
| # centralised management of PAM backends,
| |
| # no easy way for user to modify the configuration files without having to repeatedly handle updates.
| |
| | |
| In particular, the ability to change authentication backends is very limited. If a new backend is to be supported out-of-the-box, one needs to update the pambase package and add more flags and conditionals to it. There is no sane way of controlling the module use order or adding out-of-tree PAM modules.
| |
| | |
| If user modifies module configuration, he needs to maintain the modifications while pambase upgrades try to restore configuration file to the original content.
| |
| | |
| {{EbuildFooter}}
| |