[Pkg-shadow-commits] r560 - trunk

Alexander Gattin xrgtn-guest at costa.debian.org
Sun Oct 2 17:12:46 UTC 2005 

Author: xrgtn-guest
Date: 2005-10-02 17:12:45 +0000 (Sun, 02 Oct 2005)
New Revision: 560

Modified:
   trunk/details_4.0.3-39_to_4.0.11.1
Log:
chfn/chsh pam-ification notes plus several typos fixed

Modified: trunk/details_4.0.3-39_to_4.0.11.1
===================================================================
--- trunk/details_4.0.3-39_to_4.0.11.1	2005-10-02 08:53:09 UTC (rev 559)
+++ trunk/details_4.0.3-39_to_4.0.11.1	2005-10-02 17:12:45 UTC (rev 560)
@@ -88,16 +88,16 @@
 [!] shadow-4.0.3/etc/login.defs	(check that these changes are also in the debian login.defs)
 [!] shadow-4.0.3/etc/login.defs.linux (see above)
 [x] shadow-4.0.3/etc/Makefile.in
-[*] shadow-4.0.3/etc/pam.d/chage	(added, Debain do not use PAM for chage)
-[*] shadow-4.0.3/etc/pam.d/chpasswd	(added, Debain do not use PAM for chage)
-[*] shadow-4.0.3/etc/pam.d/groupadd	(added, Debain do not use PAM for chage)
-[*] shadow-4.0.3/etc/pam.d/groupdel	(added, Debain do not use PAM for chage)
-[*] shadow-4.0.3/etc/pam.d/groupmod	(added, Debain do not use PAM for chage)
+[*] shadow-4.0.3/etc/pam.d/chage	(added, Debian do not use PAM for chage)
+[*] shadow-4.0.3/etc/pam.d/chpasswd	(added, Debian do not use PAM for chage)
+[*] shadow-4.0.3/etc/pam.d/groupadd	(added, Debian do not use PAM for chage)
+[*] shadow-4.0.3/etc/pam.d/groupdel	(added, Debian do not use PAM for chage)
+[*] shadow-4.0.3/etc/pam.d/groupmod	(added, Debian do not use PAM for chage)
 NOTE: all these used to use the "shadow" file
 [ ] shadow-4.0.3/etc/pam.d/login
 [*] shadow-4.0.3/etc/pam.d/Makefile.am
 [x] shadow-4.0.3/etc/pam.d/Makefile.in
-[*] shadow-4.0.3/etc/pam.d/newusers	(added, Debain do not use PAM for chage)
+[*] shadow-4.0.3/etc/pam.d/newusers	(added, Debian do not use PAM for chage)
 [ ] shadow-4.0.3/etc/pam.d/shadow
 [ ] shadow-4.0.3/etc/pam.d/su
 [*] shadow-4.0.3/etc/pam.d/useradd
@@ -139,7 +139,7 @@
 NOTE: we should check if it works with an SELINUX Debian
 [*] shadow-4.0.3/lib/commonio.h
 [*] shadow-4.0.3/lib/defines.h
-[?] shadow-4.0.3/lib/dialchk.c	(no more dialup functionnality)
+[?] shadow-4.0.3/lib/dialchk.c	(no more dialup functionality)
 [?] shadow-4.0.3/lib/dialchk.h
 [?] shadow-4.0.3/lib/dialup.c
 [?] shadow-4.0.3/lib/dialup.h
@@ -423,6 +423,7 @@
 NOTE: printf ("\t%s: %s\n", _("Room Number"), roomno);
       not l18n OK
 [!] One section put in "ifndef USE_PAM"
+NOTE: see shadow-4.0.3/src/chsh.c below
 nscd_flush_cache ("passwd");
 )
 [*] shadow-4.0.3/src/chpasswd.c	(
@@ -436,7 +437,12 @@
 NDBM support removed
 [*] s/CHFN_AUTH/CHSH_AUTH/ (CHSH added to login.defs, must be set to yes by default) (in a ifndef USE-PAM section)
 [!] ifndef USE_PAM section added => no authentication required if PAM
-NOTE: maybe a PAM authentication should be required.
+NOTE: maybe instead of custom authentication and authorisation it's time to
+      start using PAM authentication and only keep custom authorisation
+      (which allows root to change anyone's shell, while allows anyone to
+      change her own only)?
+      This would involve using slightly different pam.d/chsh (and pam.d/chfn)
+      -- I mean add pam_rootok there.
 nscd_flush_cache ("passwd");
 )
 [!] shadow-4.0.3/src/chsh_chkshell.c	(

More information about the Pkg-shadow-commits mailing list