Re: bug or feature?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 2003-12-05 at 22:12, Rick Stevens wrote:
> nosp wrote:
> >>[FC1's PAM is configured to cache users' access to root by default]
> > [why?]
> I think it was something called "laziness".

grep pam_timestamp /etc/pam.d/* | wc
     73     219    5028

I'd hire the lazy bastard :).

> For my money, it should be a configurable thing:

It is...

> 
> 	1) Only grant root privileges for _this_ job

Possible

> 	2) Only grant root privileges for "n" minutes on THIS virtual
> 	   terminal

Dunno -- maybe see the pam_group module at
http://www.us.kernel.org/pub/linux/libs/pam/

> 	3) Only grant root privileges for "n" minutes for this parent
> 	   process (e.g. shell session)

Dunno.

> with the default being 1, above.

You can probably get what you want by removing the pam_timestamp line
from every file in /etc/pam.d .

> That's my opinion and I'm sticking with it! ;-)

As long as both opinions can be configured I'm happy.  As to my opinion
on the default, I'll stick with my agnostic and hoping-to-be-enlightened
opinion too :).


PS. I suppose we would get some general PAM answers on the pam mailing
list -- https://listman.redhat.com/mailman/listinfo/pam-list -- but I
think this question -- "Why is the FC1 default PAM configuration set to
use pam_timestamp" still is on-topic.





[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux