From: "Serge E. Hallyn" <serge@hallyn.com>
To: Karel Zak <kzak@redhat.com>
Cc: Bruce Dubbs <bruce.dubbs@gmail.com>,
util-linux@vger.kernel.org, "Serge E. Hallyn" <serge@hallyn.com>
Subject: Re: su currently requires PAM
Date: Thu, 6 Jan 2022 08:39:50 -0600 [thread overview]
Message-ID: <20220106143950.GB24764@mail.hallyn.com> (raw)
In-Reply-To: <20220106132746.pcxng3anm5kave6w@ws.net.home>
On Thu, Jan 06, 2022 at 02:27:46PM +0100, Karel Zak wrote:
> On Mon, Dec 27, 2021 at 09:26:01AM -0600, Bruce Dubbs wrote:
> > In linuxfromscratch, we have been using su from the shadow package because
> > the util-linux version requires Linux-PAM. Recently the maintainers of
> > shadow have announced that they are deprecating su. Our problem is that
> > some of our users prefer to not install PAM.
>
> I had a discussion about it with Serge (in CC), it seems the current
> the conclusion is that "for now shadow will have to keep shipping su".
I haven't mentioned it in the Changelog, but have implied here
https://github.com/shadow-maint/shadow/issues/464
that yes we will not drop su in shadow until there is an alternative.
> > Is it possible to make the requirement of Linux-PAM optional in the
> > util-linux version of su? From a preliminary inspection of the code, it
> > looks like only login-utils/su-common.c would need to be modified with some
> > #ifdef constructs, but I am not completely comfortable doing that myself.
>
> The problem is not #ifdef, but that you need local reimplementation
> for the very basic PAM functionality.
>
> I have suggested creating some minimalistic library with PAM
> compatible API, but without all the functionality. Maybe we can
> develop this library in util-linux and later offer it to other
> projects. Volunteers? ;-)
>
> Another possibility is to improve the original PAM to make it possible
> to compile it without modules, etc.
>
> Karel
>
> --
> Karel Zak <kzak@redhat.com>
> http://karelzak.blogspot.com
next prev parent reply other threads:[~2022-01-06 14:39 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-27 15:26 su currently requires PAM Bruce Dubbs
2022-01-06 13:27 ` Karel Zak
2022-01-06 14:39 ` Serge E. Hallyn [this message]
2022-01-06 15:48 ` Bruce Dubbs
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220106143950.GB24764@mail.hallyn.com \
--to=serge@hallyn.com \
--cc=bruce.dubbs@gmail.com \
--cc=kzak@redhat.com \
--cc=util-linux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.