On Wed, May 07, 2014 at 02:14:34PM +0200, Laurent Bigonville wrote:
> After looking at Fedora/CentOS ssh pam config file and talking with
> people upstream[0] I think that the call to pam_selinux open should be
> moved higher in the session stack (just after pam_loginuid and before
> pam_keyinit to follow what Fedora is doing).

just for curiosity, why do you still use ligin(1) from shadow-utils?
Does it have any feature that is missing in util-linux login(1)?

Note that we spent a lot time to make util-linux login(1) compatible
with Suse, /etc/login.defs and to make it PAM-only etc.

    Karel

-- 
 Karel Zak  <[email protected]>
 http://karelzak.blogspot.com


-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to