Happy to give it a try, Steve. I just commented in that bug report. This is a potential solution, but putting aside the tricky case of "what happens if the common-* files have customized options, and then the PAM profile changes?", another problem with this approach is the fragility of the customization. If you deselect the module, update, then reselect it, and update... the customized module options are gone without a trace. There's no way to get them back, other than making the same edit to the common-* files again. The only real way to safeguard such customizations is to revert the files to manually-edited mode.
I'm not terribly comfortable with the way the "statefulness" works with this approach, either. The PAM configuration is not just a vector of bits indicating enabled/disabled profiles, but also whatever customizations have been made in the common-* files. If I'm not aware of what these customizations are, then I have no good way of knowing if my PAM config is just that vector, or if there's something more to it. There's no mechanism to tell me "here are all the module options that are different from what's in the profiles." -- Why is /usr/share/pam-configs/krb5 specifying minimum_uid= ? https://bugs.launchpad.net/bugs/369575 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
