On Tue, Feb 19, 2013 at 01:10:41PM +0100, Michal Schmidt wrote: > On 02/18/2013 08:59 PM, Josh Boyer wrote: > >On Mon, Feb 18, 2013 at 02:36:04PM -0500, Eric Paris wrote: > >>On Mon, 2013-02-18 at 14:28 -0500, Josh Boyer wrote: > >>>On Mon, Feb 18, 2013 at 01:42:09PM -0500, Eric Paris wrote: > >>>>What breaks is admin running > >>>> > >>>>/usr/sbin/sshd -D > >>>> > >>>>or > >>>> > >>>>/usr/sbin/crond -n > >>>> > >>>>unless they redo their stock pam config... > >>> > >>>And there's no way we can fix the stock pam config so they don't have to > >>>do that? > > > >Do you happen to have an example of how to modify the pam config to let > >people still do this? If so, could you send it here? > > /etc/pam.d/sshd has: > session required pam_loginuid.so > > They could replace 'required' with 'optional'. But then they need to > be aware of the consequences: The loginuid of all users logged in > via ssh would be the same as the loginuid of the administrator who > started sshd from his shell. Thanks. > In my view we should not assist the administrators doing that. They > should learn to start services in a clean environment (i.e. by > systemd). I'm not necessarily disagreeing with you, but not everyone is going to agree with you regardless of how sane and correct you might be ;). I'll turn the config on in today's batch of commits. josh _______________________________________________ kernel mailing list kernel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/kernel
