Hi, I've been following the chapter about configuring shadow to use pam[1], and it struck me that it seemed extremely complex, making it difficult to maintain (kudos to the person(s) who managed to do that so far!) and error-prone.
One step in the right direction would be to generate login.defs at compile time so that it worked out of the box on most pam-enabled systems. I'm not sure why the installed pam.d rules are so different from the ones in BLFS that an overwrite (instead of patch or edit instructions) is needed, but it'd be nice to have working out-of-the-box as well.

I've tried to look at how the various distros package their pam-enabled shadow, and it looks like they all roll out their own pam rules (and some of the small distros avoid updates; I imagine it might be related to the maintenance pain). It's clear that one size doesn't fit all, but having it work with a default pam setup could perhaps encourage distributors to update more often and, more importantly, focus on the changes that are specific to their systems.

Unfortunately I'm too clueless on the subject (both shadow internals and pam in general) to supply a patch (yet), but perhaps someone shares my concerns. In any case, would such a patch be accepted?

[1] http://www.linuxfromscratch.org/blfs/view/svn/postlfs/shadow.html
