On 1/6/22 8:39 AM, Serge E. Hallyn wrote:
On Thu, Jan 06, 2022 at 02:27:46PM +0100, Karel Zak wrote:
On Mon, Dec 27, 2021 at 09:26:01AM -0600, Bruce Dubbs wrote:
In linuxfromscratch, we have been using su from the shadow package because
the util-linux version requires Linux-PAM. Recently the maintainers of
shadow have announced that they are deprecating su. Our problem is that
some of our users prefer to not install PAM.
I had a discussion about it with Serge (in CC), it seems the current
the conclusion is that "for now shadow will have to keep shipping su".
That sounds good. Thanks for looking into it.
-- Bruce
I haven't mentioned it in the Changelog, but have implied here
https://github.com/shadow-maint/shadow/issues/464
that yes we will not drop su in shadow until there is an alternative.
Is it possible to make the requirement of Linux-PAM optional in the
util-linux version of su? From a preliminary inspection of the code, it
looks like only login-utils/su-common.c would need to be modified with some
#ifdef constructs, but I am not completely comfortable doing that myself.
The problem is not #ifdef, but that you need local reimplementation
for the very basic PAM functionality.
I have suggested creating some minimalistic library with PAM
compatible API, but without all the functionality. Maybe we can
develop this library in util-linux and later offer it to other
projects. Volunteers? ;-)
Another possibility is to improve the original PAM to make it possible
to compile it without modules, etc.
