On Fri, Feb 27, 2009 at 08:20:58AM -0000, Michael Kofler wrote:
> > you should not edit package-owned files under /usr/share
> what is the recommended mechanism to adjust PAM settings?
For module options, edit them directly in /etc/pam.d/common-*. If the
/stack/ constructed by pam-auth-update is unsuitable for your needs, don't
enable that module profile at all and configure your stack by hand.
pam-auth-update isn't intended to be a comprehensive solution to all users'
auth configuration needs; it's just intended to cover 99% of the use cases.
> not everyone will be happy with the defaults
However, I think it will be very rare that users need to change the
minimum_uid option to pam_krb5. On Debian and Ubuntu systems, 1000 is the
documented boundary between system accounts and user accounts; and it's rare
to have user accounts split between local and network accounts when using
Kerberos.
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
<email address hidden> <email address hidden>
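
Added example, not part of the original message and not code from pam-auth-update or libpam-krb5: a check to run after hand-editing module options in /etc/pam.d/common-*, listing each active pam_krb5 line and flagging any whose minimum_uid differs from the 1000 boundary mentioned above. The function names are hypothetical and the sample files are constructed for the demonstration.

```shell
#!/bin/sh
# Print "<file>:<line>:<type>:<value>" for every active pam_krb5 line.
# <value> is the minimum_uid number, or "unset" when the option is absent.
krb5_min_uid() {
    awk '
        /^[ \t]*#/ { next }                  # commented-out lines are inactive
        /pam_krb5\.so/ {
            val = "unset"
            for (i = 1; i <= NF; i++)
                if ($i ~ /^minimum_uid=[0-9]+$/) {
                    split($i, kv, "=")
                    val = kv[2]
                }
            printf "%s:%d:%s:%s\n", FILENAME, FNR, $1, val
        }
    ' "$@"
}

# Print only the records whose value is not the expected boundary.
# Usage: krb5_min_uid_mismatch 1000 /etc/pam.d/common-*
krb5_min_uid_mismatch() {
    want=$1
    shift
    krb5_min_uid "$@" | awk -F: -v want="$want" '$NF != want'
}

# Constructed sample files (assumed layout, not copied from a real system).
demo=$(mktemp -d)
printf '%s\n' \
    '# constructed sample' \
    'auth [success=2 default=ignore] pam_krb5.so minimum_uid=1000' \
    'auth [success=1 default=ignore] pam_unix.so nullok try_first_pass' \
    > "$demo/common-auth"
printf '%s\n' \
    'session optional pam_krb5.so minimum_uid=500' \
    '#session optional pam_krb5.so minimum_uid=0' \
    'session required pam_unix.so' \
    > "$demo/common-session"
printf '%s\n' \
    'account required pam_krb5.so' \
    > "$demo/common-account"

# Flags the session line (500) and the account line (option missing).
krb5_min_uid_mismatch 1000 "$demo"/common-*
```

A line reported as "unset" relies on the module's built-in default rather than on a value in the file.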