On Sun, Dec 22, 2002 at 05:20:56PM +0100, Ivan Popov wrote:
> [ .... ]
> Hence, I would advocate for moving the configuration from the compilation
> phase to the runtime one, like if compiled with --with-runtime-config
> it would look at $PAM_CONFIG and use it in some way to find
> - pam.{d,conf}
> - security/modules
> (have I forgotten something?)
>
> Of course it is not suitable for setuid binaries like login, but
> 1. a setuid check may be done before looking for PAM_CONFIG,
> 2. --without-runtime-config will be exactly as safe as it is now
>
> Any objections? Any support?! :-)
That sounds like an excellent idea. It would help with testing
too.
One tiny thing -- I wouldn't neccesarily make it a environment
variable, make it an option instead. Env vars are too hard to keep
track of.
Matt
_______________________________________________
Pam-list@redhat.com
https://listman.redhat.com/mailman/listinfo/pam-list
