Hi,
> Hi
>
> "Andreas B. Mundt" <a...@debian.org> writes:
>
>> Control: tags -1 + patch
>>
>> Hi,
>>
>> I think the patch below should address the issue.  I am not completely
>> sure about the "*-Type: Additional", but from [1] and [2] and the
>> links there I think it should be as below.
>>
>> This modification follows the principle of 'least surprise':  Neither
>> you are loged in without password as before with 'sufficient' and an
>> arbitrary script exiting 0, nor you are unable to log in which
>> might happen with 'required' and a script exiting non-zero.  So I
>> guess this is a good default.
>>
>> CC Gaudenz to allow for his input/comments too.
>
> Thanks for CCing me. I was not aware of your bug report before. IMO the
> proposed patch is wrong. If your pam script is not intended to
> authenticate users, then don't use it in the authentication phase. If
> the script is used to mount network shares or similar things, put it
> into the session phase.
>
> Having auth scripts be optional by default, just leads to a situation
> were everyone that want's to use a script for authentication has to
> modify the pam configuration as this default most certainly won't be
> right for his case. If you want to change the default, then better
> change it to required, but this has the disatvantage you discribed of
> fatal failures.
Thanks will investigate patch and suggested solutions.

Regards,
Martijn van brummelen


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to