[Bug 369575] Re: Why is /usr/share/pam-configs/krb5 specifying minimum_uid= ?

[Daniel Richard G.]

Happy to give it a try, Steve. I just commented in that bug report.

This is a potential solution, but putting aside the tricky case of "what
happens if the common-* files have customized options, and then the PAM
profile changes?", another problem with this approach is the fragility
of the customization. If you deselect the module, update, then reselect
it, and update... the customized module options are gone without a
trace. There's no way to get them back, other than making the same edit
to the common-* files again. The only real way to safeguard such
customizations is to revert the files to manually-edited mode.

I'm not terribly comfortable with the way the "statefulness" works with
this approach, either. The PAM configuration is not just a vector of
bits indicating enabled/disabled profiles, but also whatever
customizations have been made in the common-* files. If I'm not aware of
what these customizations are, then I have no good way of knowing if my
PAM config is just that vector, or if there's something more to it.
There's no mechanism to tell me "here are all the module options that
are different from what's in the profiles."

-- 
Why is /usr/share/pam-configs/krb5 specifying minimum_uid= ?
https://bugs.launchpad.net/bugs/369575
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to kerberos-configs in ubuntu.