On Mon, Sep 25, 2006 at 12:55:39PM -0700, Alan Coopersmith wrote: > I would rather see the def*() functions become unnecessary instead of just > replacing them with yet another set of functions. We are supposed to be > moving away from text files in /etc/default as the primary configuration > method anyway, why continue to encourage it? > > For instance, in the X consolidation code, we are reading only > /etc/default/login, and it would make much more sense to have > PAM read this (or a replacement) itself. In xdm, we check for > the CONSOLE line to determine whether or not to let root login. > PAM should be able to do this, perhaps with a "restrict_root_to_console" > module or something like that.
Most, but not all things in /etc/default/login can be moved into PAM modules, yes (and lastlog processing, and, if we add PAM items, even utmpx processing could move into PAM). E.g., TIMEOUT cannot be implemented in PAM without extending PAM (LinuxPAM, IIRC, implements timeouts in PAM). There are other things in /etc/default/ though. cscope finds 105 calls to defopen() in ON alone (excluding closed source, where there's a few more). Yes, a few over half of those are defopen(NULL) calls. The point is: there's more than a few uses of def*() to read more than a few files. It will take a medium-sized project to get rid of all these uses in Sun. And it will require obsoleting, removing and replacing lots of committed interfaces (configuration files -> SMF/whatever), which means giving a certain amount of warning, and so on, and which therefore may not leave enough time to actually complete such a project anytime soon. BTW, a quick google search finds SCO manpages for def*(), and even some (but not too much) non-OpenSolaris source code calling them, including a post to an OpenAFS list from several years ago that implies that OpenAFS has or had a login replacement that used def*(). I even found a Python module implementing something like this. I would assume that the def*() interfaces are Obsolete but won't be removed for quite some time yet. Are they public? I guess they are but we'll keep saying otherwise -- we really don't/shouldn't want to see any new uses of them. Nico --
