On Tue, 09.02.10 20:07, Markus Rechberger (mrechberger at gmail.com) wrote: > > Bypassing this layer and accessing things directly is not IMO a good > > design. Everything is possible with the appropriate mechanisms in place > > and no functionality is sacrificed, but you have to be prepared to > > accept that old approaches will not last forever nor survive the tests > > of time. > > your scenario is definitely over engineered for many people out > there. I see your points and I see it as a valid scenario but as > mentioned not as a valid reason for hard restricting users. On the > other side the only way out of this dilemma is to set up systemwide > service which pretty much cannot be done in a generic way with all > distributions which use PA due random config paths and inherited > configuration files. As long as this isn't fixed I hope operating > systems don't make a hard dependency on PA only so people can still > jump back to the old behavior. It's not particularly hard to load another module-native-protocol-unix instance and losen its access restrictions to allow other users access, if you don't care about security. Lennart -- Lennart Poettering Red Hat, Inc. lennart [at] poettering [dot] net http://0pointer.net/lennart/ GnuPG 0x1A015CC4
