On Sun, Jul 25, 2004 at 10:57:39AM +0100, Luke Kenneth Casson Leighton wrote: > there is a minor issue of inter-dependence of packages that may > be resolved by applying the usual debian approach of > "if-it-was-a-config-file-make-it-a-directory". [snip] > in other words, the contents of /etc/pam.d/ssh get split into > a directory, /etc/pam.d/ssh, as follows: [snip] > and then, you can install a separate pam-selinux package that > blats into the mix: > > 800_selinux: > > session required pam_selinux.so > > reckon? That certainly would provide a way to drop in modules like this, but it doesn't help solve a very similar problem: if I want to disable use of pam_cracklib or pam_passwdqc (or another module which does something similar), I have to not only remove that line from the configuration file or section of pam.conf, I have to modify the next line as well to remove the "use_authtok" flag. There's a less important problem of making libpam skip over files which it shouldn't read (for example, automatically-generated "backups" made by text editors). Nalin _______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
