On Wed, May 07, 2014 at 02:14:34PM +0200, Laurent Bigonville wrote:
> After looking at Fedora/CentOS ssh pam config file and talking with
> people upstream[0] I think that the call to pam_selinux open should be
> moved higher in the session stack (just after pam_loginuid and before
> pam_keyinit to follow what Fedora is doing).
just for curiosity, why do you still use ligin(1) from shadow-utils?
Does it have any feature that is missing in util-linux login(1)?
Note that we spent a lot time to make util-linux login(1) compatible
with Suse, /etc/login.defs and to make it PAM-only etc.
Karel
--
Karel Zak <[email protected]>
http://karelzak.blogspot.com
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]