Hi, > Hi > > "Andreas B. Mundt" <a...@debian.org> writes: > >> Control: tags -1 + patch >> >> Hi, >> >> I think the patch below should address the issue. I am not completely >> sure about the "*-Type: Additional", but from [1] and [2] and the >> links there I think it should be as below. >> >> This modification follows the principle of 'least surprise': Neither >> you are loged in without password as before with 'sufficient' and an >> arbitrary script exiting 0, nor you are unable to log in which >> might happen with 'required' and a script exiting non-zero. So I >> guess this is a good default. >> >> CC Gaudenz to allow for his input/comments too. > > Thanks for CCing me. I was not aware of your bug report before. IMO the > proposed patch is wrong. If your pam script is not intended to > authenticate users, then don't use it in the authentication phase. If > the script is used to mount network shares or similar things, put it > into the session phase. > > Having auth scripts be optional by default, just leads to a situation > were everyone that want's to use a script for authentication has to > modify the pam configuration as this default most certainly won't be > right for his case. If you want to change the default, then better > change it to required, but this has the disatvantage you discribed of > fatal failures. Thanks will investigate patch and suggested solutions.
Regards, Martijn van brummelen -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org