On 01/09/2018 10:36 PM, Zbigniew Jędrzejewski-Szmek wrote:
On Tue, Jan 09, 2018 at 04:30:56PM +0100, Pavel Březina wrote:
On 01/05/2018 05:21 PM, Zbigniew Jędrzejewski-Szmek wrote:
On Fri, Jan 05, 2018 at 02:50:45PM +0100, Jan Kurik wrote:
= System Wide Change: Make authselect default tool instead of authconfig =
https://fedoraproject.org/wiki/Changes/AuthselectAsDefault
Does this change do anything to reduce the number of files in /etc
that do not contain local configuration? PAM is currently one of the
worst offenders, with /etc/pam.d full of "configuration" files.
No. The files must stay since it would require changes in pam itself
and that is out of scope of authselect. Each file corresponds to
individual pam service and is read when pam_start(service_name, ...)
is called.
Elsewhere in the thread /usr/share/authselect/custom is metioned as
directory for admin config. That's OK-ish, as long as you also allow
a directory in /etc for the same purpose. /usr must be allowed to be
immutable.
Would /usr/local be OK as well?
/usr/local is special. Packages are not allowed to put stuff there [1],
and it is instead an alternate install location that is under the
control of the administrator. It seems reasonable to support
authselect configuration located there.
/usr/share/authselect and /etc/authselect are the two main locations
that should be supported, and /usr/local/share/autselect would be an
additional option.
[1] https://fedoraproject.org/wiki/Packaging:Guidelines#No_Files_or_Directories_under_.2Fsrv.2C_.2Fusr.2Flocal.2C_or_.2Fhome.2F.24USER
Thank you for the info. I created upstream ticket to track this change:
https://github.com/pbrezina/authselect/issues/28
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
