Re: runuser(1) and su(1) -g/-G

On Tue, Sep 04, 2012 at 08:52:14PM +0100, Pádraig Brady wrote:
> Thanks for doing all that Karel.
> I've not time to look now,
> but will note that many were looking for
> a lightweight option that didn't need PAM.

I know, it should be the second step.

> Perhaps PAM support could be easily compiled out?

Not yet. The patch will be pretty simple, all we need is to add
something like #ifdef BUILD_LIGHTWEIGHT_RUNUSER to
create_watching_parent() and authenticate(). 

Volunteers? (I'm going to spend this week with coverity scanner...)


Note that we will support PAM-only su(1); maintaining alternative
authentication code in utils like su(1), login(1), ... is nonsense.

If you don't like modular PAM then you can rebuild libpam with
statically linked modules (the result is still a shared library, but
without dlopen()).

The command runuser(1) is different as there is no authentication at
all -- it's just a wrapper around setuid/gid, and it uses PAM for
session setup only.

    Karel

-- 
 Karel Zak  <kzak@xxxxxxxxxx>
 http://karelzak.blogspot.com