Package: libpam-runtime
Version: 1.0.1-6

In #566718, the pam-auth-setup configuration for libpam-ccreds is
described.  It needs two entries in common-auth, one to check the
password and one to store it in the cache.  Both need to be enabled
for this to work.  At the moment this setup requires two separate files
in /usr/share/pam-configs/, which allows an inconsistent setup if only
one of them is enabled.

These are the two files proposed for libpam-ccreds at the moment:

Name: Ccreds credential caching - password checking
Default: yes
Priority: 0
Auth-Type: Primary
Auth:
        [success=end default=ignore]    pam_ccreds.so action=validate use_first_pass
        [default=ignore]                pam_ccreds.so action=update

Name: Ccreds credential caching - password saving
Default: yes
Priority: 512
Auth-Type: Additional
Auth:
        optional                        pam_ccreds.so action=store

As far as I know the difference in priority is not significant for
ccreds.  Would it be possible to allow two auth entries in the same
file, one Primary and one Additional, to allow something like this:

Name: Ccreds credential caching
Default: yes
Priority: 0
Auth-Type: Primary
Auth:
        [success=end default=ignore]    pam_ccreds.so action=validate use_first_pass
        [default=ignore]                pam_ccreds.so action=update
Auth-Type: Additional
Auth:
        optional                        pam_ccreds.so action=store

This way the ccreds setup would be enabled as a block, and it would
not be possible to only enable part of it using pam-auth-update.

Happy hacking,
-- 
Petter Reinholdtsen
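
An added example, not part of the original report and not pam-auth-update's own code: a small audit that parses the two profiles quoted above and reports which required pam_ccreds action is missing when only one of them is enabled. The function names and the caller-supplied set of enabled profile names are assumptions; how pam-auth-update records that set is not modelled.

```python
import re

# Constructed from the two profiles quoted in the report (wrapped lines joined).
CHECKING = """Name: Ccreds credential caching - password checking
Default: yes
Priority: 0
Auth-Type: Primary
Auth:
        [success=end default=ignore]    pam_ccreds.so action=validate use_first_pass
        [default=ignore]                pam_ccreds.so action=update
"""
SAVING = """Name: Ccreds credential caching - password saving
Default: yes
Priority: 512
Auth-Type: Additional
Auth:
        optional                        pam_ccreds.so action=store
"""
REQUIRED = {"validate", "store"}  # per the report, both must be active
ACTION_RE = re.compile(r"\bpam_ccreds\.so\b.*?\baction=(\w+)")

def parse_profile(text):
    """Split a profile into fields; indented lines belong to the last key."""
    fields, key = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0].isspace() and key is not None:
            fields[key].append(line.strip())
        else:
            key, _, value = line.partition(":")
            key = key.strip()
            fields[key] = [value.strip()] if value.strip() else []
    return fields

def ccreds_actions(profile):
    """Collect the action= values of pam_ccreds.so lines in the Auth block."""
    hits = (ACTION_RE.search(line) for line in profile.get("Auth", []))
    return {m.group(1) for m in hits if m}

def missing_actions(profiles, enabled_names):
    """Required actions absent from the enabled profiles (empty if all or none)."""
    active = set()
    for p in profiles:
        if p["Name"][0] in enabled_names:
            active |= ccreds_actions(p)
    return REQUIRED - active if active & REQUIRED else set()

PROFILES = [parse_profile(CHECKING), parse_profile(SAVING)]
```

A non-empty result from `missing_actions` is the partial setup the report describes: one half of the ccreds configuration enabled without the other.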


