Comment 3 for bug 334763
Revision history for this message
| Steve Langasek (vorlon) wrote Re: [Bug 334763] Re: pam-auth-update should ignore backup files in /usr/share/pam-configs/krb5 | #3 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
On Fri, Feb 27, 2009 at 08:20:58AM -0000, Michael Kofler wrote:
> > you should not edit package-owned files under /usr/share
> what is the recommended mechanism to adjust PAM settings?
For module options, edit them directly in /etc/pam.
/stack/ constructed by pam-auth-update is unsuitable for your needs, don't
enable that module profile at all and configure your stack by hand.
pam-auth-update isn't intended to be a comprehensive solution to all users'
auth configuration needs, it's just intended to cover 99% of the use cases.
> not everyone will be happy with the defaults
However, I think it will be very rare that users need to change the
minimum_uid option to pam_krb5. On Debian and Ubuntu systems, 1000 is the
documented boundary between system accounts and user accounts; and it's rare
to have user accounts split between local and network accounts when using
kerberos.
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://
<email address hidden> <email address hidden>