Chris Hofstaedtler wrote: > Justin B Rye wrote: >> Chris Hofstaedtler wrote: >>>> I've left the library packages alone, since a library's function is >>>> usually obvious from the things that depend on it... but in fact you >>>> might want the descriptions to comment on the way wtmpdb has a >>>> Recommends: libpam-wtmpdb instead of a Depends. It's not obvious why >>>> anyone would ever want to install wtmpdb without libpam-wtmpdb (as >>>> opposed to just configuring the PAM module "off"), >>> >>> libpam-wtmpdb is just dead code if its "off". Neither package needs >>> the other for working, so I don't think there should be a Depends: >>> relation. If the argument was made in favor of the Depends:, then it >>> should be in both directions, and then its a policy violation. >> >> If there's no conceivable reason to have wtmpdb without libpam-wtmpdb, > > That is not what I said. Obviously you can record logins without > ever looking at them on the same system, or using wtmpdb to look at > files created on other systems.
And the use case is that I'm so desperately hard up for disk space on my wtmp-reading system that pam_wtmpdb.so won't fit? I'm having real trouble imagining this; after all, if I really was using a tiny bootfloppy for system forensics, it wouldn't need /usr/bin/wtmpdb, either; once I've salvaged a copy of the database I could just run "wtmp --file" on my ordinary Debian desktop system. Meanwhile the idea that libpam-wtmpdb needs anything more than a Suggests on wtmpdb strikes me as strange, because how exactly is libpam-wtmpdb going to accidentally get installed without wtmpdb, and why would it matter if it did? We have things like deborphan and apt autoremove to deal with unwanted extra library packages. > Historically, this functionality > always was split into multiple completely unrelated packages. Historically, it was split between things that couldn't be uninstalled, so the question didn't come up. But just as the amount of space you save by not installing libpam-wtmpdb is trivial, the likelihood that anyone is going to care about these dependencies is also quite low. >> The other thing I nearly reported as a bug (if I could see a way >> towards fixing it) is that the things wtmpdb and its ancestors report >> as logins aren't logins. I don't need to have logged in (giving my >> password to login or a graphical greeter) for each one, and they >> needn't be what the shell classifies as "login shells". It's just >> recording (pseudo-)terminal sessions - and it was the fact that such >> sessions were logged by wtmp (or something equivalent) that originally >> led to people talking about "logging in". > > In the past, what was recorded was dependent on the program > recording it. This was often too much and too little at the same > time. The libpam-wtmpdb config is supposed to only run for > "interactive sessions". If that is better or not is probably site > specific and dependent on implementation details of programs using > PAM. Interactive sessions being ones running in a new (pseudo)terminal; invoking a non-login shell in an x-terminal-emulator does count, and so does connecting via SSH, but invoking the same shell from within xemacs doesn't count, and nor do any of the various things like bash and sudo that can be invoked with --login options. Getting past an X display manager automatically gets me a wtmp "login", even if the system's configured to launch my session automatically at boot without me needing to authenticate, and even if the session it launches doesn't give me any way of running anything! But fortunately in that case I wouldn't be able to run "man wtmpdb" and complain about it. >> But does that mean that a system without libpam-wtmpdb doesn't >> have any logins? > > I don't understand this question. The original reason getting a session as an authenticated user was called "logging in" was that the event is logged. But people don't think of that as part of the meaning of the expression any longer. >> If you look closely at it, the word's hopelessly ambiguous, but the >> fix is probably "don't do that, then". > > I guess it's not particularly well defined and different users have > a different intuitive understanding of it. But it's not really in > scope for wtmpdb to define this word. It's not really in scope even for https://wiki.debian.org/Glossary, since it isn't Debian-specific. -- JBR with qualifications in linguistics, experience as a Debian sysadmin, and probably no clue about this particular package
