pam 0.99

Matt Zimmerman mdz at ubuntu.com
Mon Sep 10 18:52:05 BST 2007


On Mon, Sep 10, 2007 at 08:14:47AM -0700, Kees Cook wrote:
> On Mon, Sep 10, 2007 at 10:25:00AM +0100, Matt Zimmerman wrote:
> > On Mon, Sep 10, 2007 at 08:59:50AM +0200, Tollef Fog Heen wrote:
> > > * Kees Cook 
> > > 
> > > | On Fri, Sep 07, 2007 at 06:45:50PM +0100, Matt Zimmerman wrote:
> > > | > On Wed, Sep 05, 2007 at 05:18:30PM -0700, Kees Cook wrote:
> > > | > > Does anyone (Mithrandir?) remember why we're carrying the per-user
> > > | > > .pam_environment file patch?  That was the most extensive to port to the
> > > | > > new code (the other Ubuntu changes were pretty trivial).
> > > | > 
> > > | > I think this was low-hanging fruit added during the implementation of
> > > | > one-true-path.  It isn't essential functionality.
> > > 
> > > I disagree, I think it's quite important for a user to be able to set
> > > environment variables which take effect no matter how they log in.
> > > (This means ~/.{zsh,bash}rc isn't suitable, nor is ~/.gnomerc.)
> > 
> > I think it's *useful*, but I don't think it's *important*, as this
> > functionality has traditionally been missing from UNIX-like systems.
> 
> I've already ported the patch, and the 1 bug about it has at least one
> work-around (disable user_env in the pam configs), so since we've used
> it until now, perhaps we should:
> 
> 1) keep it
> 2) convince PAM upstream to take it
> 
> If they take it, we don't have to patch in the future, and if they have a
> compelling reason for why it is wrong/evil, we can drop it in the future.

We should try #2 first.  I think we should avoid having to maintain it
another 5 years if upstream doesn't want it for some reason.

-- 
 - mdz


