Package: sudo
Version: 1.6.9p17-2
Severity: normal
File: /etc/pam.d/sudo
The shipped sudo pam configuration has some hand-coded session support, but
doesn't actually use the standard /etc/pam.d/common-session infrastructure:
,----[ /etc/pam.d/sudo ]
| #%PAM-1.0
|
| @include common-auth
| @include common-account
|
| session required pam_permit.so
| session required pam_limits.so
`----
This is rather surprising, and leads to things like me configuring pam_umask
in the common-session file, then spending some minutes wondering where I got
it wrong since sudo didn't apply the changes...
More seriously, I think it would be more appropriate to change that
configuration to '@include common-session' rather than hand-coding the modules
supported.
This seems especially relevant in light of the pam-auth-update changes
currently flowing through the system, since they encourage more configuration
of the common-session content by end users, especially less technical end
users.
Thank you for you time, and your work packaging sudo.
Regards,
Daniel
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable'), (101, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages sudo depends on:
ii libc6 2.9-5 GNU C Library: Shared libraries
ii libpam-modules 1.0.1-7 Pluggable Authentication Modules f
ii libpam0g 1.0.1-7 Pluggable Authentication Modules l
sudo recommends no packages.
sudo suggests no packages.
-- no debconf information
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
