Comment 19 for bug 395281
Revision history for this message
| Steve Langasek (vorlon) wrote Re: [Bug 395281] Re: pam_ck_connector.so is called for non-login sessions | #19 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
e3ace39
(Get the code!)
On Tue, Dec 14, 2010 at 01:22:22AM -0000, Max Bowsher wrote:
> It's far from uncommon to use su in startup scripts - even ones crafted
> by local sysadmins. I don't think defining 'su' to start a CK session is
> the right thing to do.
su *is* the wrong tool to use for starting services, because su *is* defined
to start PAM sessions. pam_ck_connector is not the only PAM module that may
get called by su that shouldn't be called when starting a service - such as
pam_limits, to pick one commented out example from /etc/pam.d/su itself.
That local sysadmins *may* make uninformed choices when writing their init
scripts doesn't change the fact that you don't want to start a PAM session
from an init script, and the adverse interactions with pam_ck_connect are
only one symptom of this.
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://
<email address hidden> <email address hidden>