On 02/18/2013 08:59 PM, Josh Boyer wrote:
On Mon, Feb 18, 2013 at 02:36:04PM -0500, Eric Paris wrote:
On Mon, 2013-02-18 at 14:28 -0500, Josh Boyer wrote:
On Mon, Feb 18, 2013 at 01:42:09PM -0500, Eric Paris wrote:
What breaks is admin running
/usr/sbin/sshd -D
or
/usr/sbin/crond -n
unless they redo their stock pam config...
And there's no way we can fix the stock pam config so they don't have to
do that?
Do you happen to have an example of how to modify the pam config to let
people still do this? If so, could you send it here?
/etc/pam.d/sshd has:
session required pam_loginuid.so
They could replace 'required' with 'optional'. But then they need to be
aware of the consequences: The loginuid of all users logged in via ssh
would be the same as the loginuid of the administrator who started sshd
from his shell.
In my view we should not assist the administrators doing that. They
should learn to start services in a clean environment (i.e. by systemd).
Michal
_______________________________________________
kernel mailing list
kernel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/kernel
