[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: slow su? [solved]
On Sat, Aug 13, 2011 at 04:23:55PM -0700, John Nemeth wrote:
> } Yup. I was told that the fix I proposed (causing missing modules to
> } always fail) was unacceptable. Apparently the PAM semantics are so
> } fragile that any change to make it more robust also makes it fail open
> } in obscure ways, or something like that.
> If I recall right, my reading of the PAM spec was that it should
> ignore missing modules, but I don't have the spec in front of me at the
> moment. When I asked you about it, you just handwaved and said that
> somebody you know that is supposedly a PAM expert said it would be a
> bad idea without providing any details. I sure would like to know why
> we shouldn't just follow the spec...
I no longer remember who I was talking to then, but if it wasn't you
chances are it was one of the linux-pam people. My vague recollection
is that it was you that told me it wasn't acceptable but I guess that
must be entirely wrong.
David A. Holland
Main Index |
Thread Index |