GNU bug report logs - #63383
[PATCH 0/4] Various PAM improvements

Previous Next

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#63383: closed ([PATCH 0/4] Various PAM improvements)
Date: Tue, 15 Aug 2023 20:20:02 +0000

[Message part 1 (text/plain, inline)]

Your message dated Tue, 15 Aug 2023 22:19:34 +0200
with message-id <87cyzo83e1.fsf_-_ <at> gnu.org>
and subject line Re: bug#63383: [PATCH 0/4] Various PAM improvements
has caused the debbugs.gnu.org bug report #63383,
regarding [PATCH 0/4] Various PAM improvements
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
63383: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=63383
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]

From: Felix Lechner <felix.lechner <at> lease-up.com>
To: guix-patches <at> gnu.org
Cc: Felix Lechner <felix.lechner <at> lease-up.com>
Subject: [PATCH 0/4] Various PAM improvements
Date: Mon,  8 May 2023 17:56:31 -0700

This commit series makes several improvements to the way Linux-PAM is used in
Guix. Most notably, it employs absolute paths into the store where
possible. The series also improves significantly on the system test for
pam_limits.

These commits have been tested and already being deployed in production.

Additional details are in the commit messages.

Felix Lechner (4):
  In PAM test, confirm ulimits actually imposed instead of comparing
    config files.
  Drop limits.conf from /etc/security; use directly in
    pam-limits-service-type.
  Refer to the built-in Linux-PAM modules by their absolute paths.
  Use more file-append.

 gnu/services/authentication.scm |  2 +-
 gnu/services/base.scm           | 65 +++++++++++++++---------------
 gnu/services/kerberos.scm       |  2 +-
 gnu/services/lightdm.scm        | 60 ++++++++++++++++++++--------
 gnu/services/pam-mount.scm      |  2 +-
 gnu/services/sddm.scm           | 33 ++++++++--------
 gnu/services/xorg.scm           |  5 ++-
 gnu/system/pam.scm              | 20 +++++-----
 gnu/tests/pam.scm               | 70 ++++++++++++++++++---------------
 9 files changed, 146 insertions(+), 113 deletions(-)


base-commit: d1aba42ad4e1909faa21d484975c5954c778e002
-- 
2.39.2

[Message part 3 (message/rfc822, inline)]

From: Ludovic Courtès <ludo <at> gnu.org>
To: Felix Lechner <felix.lechner <at> lease-up.com>
Cc: 63383-done <at> debbugs.gnu.org, Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Subject: Re: bug#63383: [PATCH 0/4] Various PAM improvements
Date: Tue, 15 Aug 2023 22:19:34 +0200

Hi,

Sorry for the long delay!

Felix Lechner <felix.lechner <at> lease-up.com> skribis:

> There is another bug that was probably a reason why some folks
> hesitated to accept this patch:
>
>   https://issues.guix.gnu.org/32182
>
> In that bug, Ludo' proposed to refer from Shepherd services to PAM
> services by absolute paths. I believe it is a viable and worthy
> solution.
>
> (By contrast, this bug makes PAM services refer to PAM modules by
> absolute paths.)

Right.  For this reason, I’m dropping the patch that adds more absolute
file names for all modules shipped with ‘linux-pam’ but keeping the rest.

> Another solution could be to make all PAM modules and services Guile
> scripts. While admittedly a more comprehensive effort, I believe such
> an upgrade might be popular in the broader community, which is
> generally tired of PAM. The only prerequisite to execute those scripts
> would be a working copy of GNU Guile (i.e. no libpam or libc).

Hmm are you suggesting a PAM rewrite in Guile?

Thanks,
Ludo’.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.