8On Fri, Dec 10, 2010 at 03:27:36PM -0000, Martin Pitt wrote:
> This is really a bug in the libpam-ck-connector PAM integration. It shouldn't be in common-session, but in /etc/pam.d/login only.
> /usr/share/pam-configs/consolekit already says "Session-Interactive-Only:
> yes", so pam-auth-update shoudln't put it in common-session in the first
> place (as this is also called for cron and the like)?
No, common-session is the file for "interactive" services; "noninteractive"
services need to include common-session-noninteractive instead of
common-session, and any noninteractive service that is including
common-session is buggy.
> If pam-auth-update can't put stuff into /etc/pam.d/login
It does not, no. But that should be immaterial; if these extra entries are
coming from cron, that was fixed in karmic.
OTOH, if they're coming from an init script that's calling 'su', that's a
buggy init script; init scripts should use start-stop-daemon, not su.
Maybe login is the *only* service that pam_ck_connector should be applied
to for other reasons because the distinction between login and non-login
*interactive* sessions matters, but I don't think ck-history should be a
reason for that.
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
<email address hidden> <email address hidden>
8On Fri, Dec 10, 2010 at 03:27:36PM -0000, Martin Pitt wrote: pam-configs/ consolekit already says "Session- Interactive- Only:
> This is really a bug in the libpam-ck-connector PAM integration. It shouldn't be in common-session, but in /etc/pam.d/login only.
> /usr/share/
> yes", so pam-auth-update shoudln't put it in common-session in the first
> place (as this is also called for cron and the like)?
No, common-session is the file for "interactive" services; "noninteractive" session- noninteractive instead of
services need to include common-
common-session, and any noninteractive service that is including
common-session is buggy.
> If pam-auth-update can't put stuff into /etc/pam.d/login
It does not, no. But that should be immaterial; if these extra entries are
coming from cron, that was fixed in karmic.
OTOH, if they're coming from an init script that's calling 'su', that's a
buggy init script; init scripts should use start-stop-daemon, not su.
Maybe login is the *only* service that pam_ck_connector should be applied
to for other reasons because the distinction between login and non-login
*interactive* sessions matters, but I don't think ck-history should be a
reason for that.
-- www.debian. org/
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://
<email address hidden> <email address hidden>