Difference between pages "Package:PAM base" and "Ebuilds"

(Difference between pages)
(describe how files are generated and the issues with tht)
 
 
Line 1: Line 1:
{{Ebuild
+
== Recently Modified Ebuilds ==
|Summary=Base configuration files for different PAM implementations
+
 
|CatPkg=sys-auth/pambase
+
{{#ask: [[Category:Ebuilds]]
 +
| order=descending
 +
| sort=Modification date
 +
| format=list
 +
| limit=100
 +
| searchlabel=
 
}}
 
}}
== Current design ==
 
=== Installed files ===
 
Currently the following files are installed by pambase:
 
  
<pre>
+
== All Ebuilds ==
/etc/pam.d/login
+
/etc/pam.d/passwd
+
/etc/pam.d/su
+
/etc/pam.d/system-auth
+
/etc/pam.d/system-login
+
/etc/pam.d/system-local-login
+
/etc/pam.d/system-remote-login
+
/etc/pam.d/system-services
+
/etc/pam.d/other
+
</pre>
+
  
The files starting with 'system' prefix are intended to be used by other PAM files. In particular:
+
{{#ask: [[Category:Ebuilds]]
 
+
| format=category
# ''system-auth'' is used whenever user authentication is desired. It is included in PAM files for account manipulation tools (''passwd'', ''chsh'', ...), authenticated daemons (''imap'', ''pop3''), ''xscreensaver'' (for screen locking) and ''system-login''.
+
}}
# ''system-login'' is used whenever login is done. It is currently included only in ''system-local-login'' and ''system-remote-login''.
+
# ''system-local-login'' is used whenever local system login is performed. It is used by ''login'' and display managers.
+
# ''system-remote-login'' is used whenever remote system login is performed. It is used by ''sshd''.
+
# ''system-services'' is used whenever system daemons are started. It is used by ''start-stop-daemon'' and systemd.
+
 
+
=== How files are generated ===
+
The pambase Makefile generates the above files using traditional C preprocessor on top of templates. The preprocessor is provided with defines matching USE flags of choice. The processed files are then installed to user systems.
+
 
+
=== Problems with the current system ===
+
The problems with the current system are:
+
 
+
# centralised management of PAM backends,
+
# no easy way for user to modify the configuration files without having to repeatedly handle updates.
+
 
+
In particular, the ability to change authentication backends is very limited. If a new backend is to be supported out-of-the-box, one needs to update the pambase package and add more flags and conditionals to it. There is no sane way of controlling the module use order or adding out-of-tree PAM modules.
+
 
+
If user modifies module configuration, he needs to maintain the modifications while pambase upgrades try to restore configuration file to the original content.
+
 
+
{{EbuildFooter}}
+

Revision as of 04:30, December 24, 2014

Recently Modified Ebuilds

{{#ask: | order=descending | sort=Modification date | format=list | limit=100 | searchlabel= }}

All Ebuilds

{{#ask:

| format=category }}