GNU bug report logs - #72316
[PATCH 0/3] Switch to Guile-PAM.


Package: guix-patches;

Reported by: Felix Lechner <felix.lechner <at> lease-up.com>

Date: Fri, 26 Jul 2024 22:03:02 UTC

Severity: normal

Tags: patch


From: Felix Lechner <felix.lechner <at> lease-up.com>
To: 72316 <at> debbugs.gnu.org
Cc: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>, Ludovic Courtès <ludo <at> gnu.org>, Z572 <zhengjunjie <at> iscas.ac.cn>, Florian Pelz <pelzflorian <at> pelzflorian.de>, Felix Lechner <felix.lechner <at> lease-up.com>, Matthew Trzcinski <matt <at> excalamus.com>, Liliana Marie Prikler <liliana.prikler <at> gmail.com>, Maxim Cournoyer <maxim.cournoyer <at> gmail.com>, Noé Lopez <noelopez <at> free.fr>, Vivien Kraus <vivien <at> planete-kraus.eu>
Subject: [bug#72316] [PATCH v2 0/3] Switch to Guile-PAM
Date: Thu,  1 May 2025 06:42:34 -0700

Hi Z572,

Yes, you are right.  More testing is needed before Guile-PAM can manage other
modules.  Will you push the package definition and the service, i.e. the first
two commits?

With the service, folks can write their own modules.  Then they can do all the
things they always wanted, like set kernel limits in one line [1] or mount
FUSE-based drives upon login. [2]

I worked on this thing for ten years and believe it could be a game changer.

Switching to Guile-PAM is not that radical: The third commit merely runs the
stack in Guile but still uses the modules from Linux-PAM.  At about five
hundred lines of code, the Guile stack is much easier to read (or audit) than
the stack in Linux-PAM, but I agree we should wait.

Please feel free to push the first two commits.  I will show folks how to use
them.  Thanks!

Kind regards
Felix

[1] https://codeberg.org/lechner/system-config/src/commit/0ca80a773408d5934285288ca8da03b9675e9f75/host/lechner-desktop/operating-system.scm#L75
[2] https://codeberg.org/lechner/away/src/commit/2aba38327c1ada959656c58c2f515072c864d983/pam.scm#L76-L80

Felix Lechner (3):
  Add guile-pam.
  Add a guile-pam-module service.
  Switch to Guile-PAM.

 doc/guix.texi                   |  89 ++++++++++
 gnu/local.mk                    |   1 +
 gnu/packages/linux.scm          |  71 ++++++++
 gnu/services/authentication.scm |   9 +-
 gnu/services/base.scm           |  16 +-
 gnu/services/desktop.scm        |  14 +-
 gnu/services/kerberos.scm       |  12 +-
 gnu/services/lightdm.scm        |  69 ++++++--
 gnu/services/pam-mount.scm      |   5 +-
 gnu/services/pam.scm            | 105 +++++++++++
 gnu/services/sddm.scm           |  91 +++++++---
 gnu/services/xorg.scm           |  17 +-
 gnu/system/pam.scm              | 296 ++++++++++++++++++++++++++------
 13 files changed, 686 insertions(+), 109 deletions(-)
 create mode 100644 gnu/services/pam.scm


base-commit: 304f8bebbb3bc77b27be7ead82f2d79a10fe1843
-- 
2.49.0





This bug report was last modified 88 days ago.
