GNU bug report logs - #63198
cups-service-type uses PAM-enabled 'cups' by default which prevents authentication

Previous Next

Package: guix;

Reported by: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Date: Mon, 1 May 2023 03:09:01 UTC

Severity: normal

Done: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: muradm <mail <at> muradm.net>
Cc: 63198 <at> debbugs.gnu.org
Subject: bug#63198: cups-service-type uses PAM-enabled 'cups' by default which prevents authentication
Date: Mon, 15 May 2023 11:24:19 -0400

Hi,

muradm <mail <at> muradm.net> writes:

> Fixes <https://issues.guix.gnu.org/63198>.
>
> Makes CUPS service to extend pam-root-service-type providing minimal
> configuration to authenticate users. Since PAM authentication is
> provided, cups package can be used as default.
>
> * gnu/services/cups.scm (cups-configuration) [cups]: Use cups.

I'd write 'Replace cups-minimal with cups'.

> [allow-empty-password?]: PAM service configuration permitting empty passwords.

I'd write 'New field', but I think we'd want to add proper PAM support
here not a 'bypass PAM authentication' hack.  It should also be enabled
out of the box, otherwise users won't be able to authenticate until they
figure out they need to set that switch to #t.

> (opaque-cups-configuration): Likewise.
> (cups-pam-service): cups PAM service.

Not descriptive :-)  What is the change here?

Could you look into adding "regular" login PAM support instead of a
bypass disabled by default?  The user should still be prompted for its
password, and it should go through the PAM auth module.

I'm not very PAM-aware, but I believe there are examples spread in the
code base.

-- 
Thanks,
Maxim
This bug report was last modified 2 years ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.