Bart Blanquart wrote: > On 10/08/08 00:18, Nicolas Williams wrote: >> Or perhaps we decided that because there was no 'include' and no >> pam_eval() that we could script the upgrade of /etc/pam.conf. >> >> But now that we have 'include' and (soon) pam_eval(), the situation gets >> more complex. > > I'm not convinced things are more complex: we no longer have to deal > with modified local configurations, as those will live in files that we > won't touch.
Even once we have pam_eval & pam_user_policy and when we have /etc/pam.d/<service> style like LinuxPAM does the /etc/pam.conf is still an editable file and we have to live with that. Sure it might not have much in it and we may not need to touch it on upgrade/patch if the end admin also hasn't touched. However it is still an editable file. So trying to pretend that somehow we get to /etc/pam.conf not being a file the end admin can edit is IMO silly. -- Darren J Moffat
