* su currently requires PAM
From: Bruce Dubbs @ 2021-12-27 15:26 UTC
To: util-linux

In linuxfromscratch, we have been using su from the shadow package because the
util-linux version requires Linux-PAM. Recently the maintainers of shadow have
announced that they are deprecating su. Our problem is that some of our users prefer
to not install PAM.

Is it possible to make the requirement of Linux-PAM optional in the util-linux
version of su? From a preliminary inspection of the code, it looks like only
login-utils/su-common.c would need to be modified with some #ifdef constructs, but I
am not completely comfortable doing that myself.

I am asking one of the maintainers to make the change, but I am willing to attempt
creating a patch if no one else wants to do it and the approach would be acceptable
to the util-linux project.

-- Bruce Dubbs
linuxfromscratch.org
* Re: su currently requires PAM
From: Karel Zak @ 2022-01-06 13:27 UTC
To: Bruce Dubbs; +Cc: util-linux, Serge E. Hallyn

On Mon, Dec 27, 2021 at 09:26:01AM -0600, Bruce Dubbs wrote:
> In linuxfromscratch, we have been using su from the shadow package because
> the util-linux version requires Linux-PAM. Recently the maintainers of
> shadow have announced that they are deprecating su. Our problem is that
> some of our users prefer to not install PAM.

I had a discussion about it with Serge (in CC), it seems the current
conclusion is that "for now shadow will have to keep shipping su".

> Is it possible to make the requirement of Linux-PAM optional in the
> util-linux version of su? From a preliminary inspection of the code, it
> looks like only login-utils/su-common.c would need to be modified with some
> #ifdef constructs, but I am not completely comfortable doing that myself.

The problem is not #ifdef, but that you need local reimplementation
for the very basic PAM functionality.

I have suggested creating some minimalistic library with PAM
compatible API, but without all the functionality. Maybe we can
develop this library in util-linux and later offer it to other
projects. Volunteers? ;-)

Another possibility is to improve the original PAM to make it possible
to compile it without modules, etc.

Karel
--
Karel Zak <kzak@redhat.com>
http://karelzak.blogspot.com
* Re: su currently requires PAM
From: Serge E. Hallyn @ 2022-01-06 14:39 UTC
To: Karel Zak; +Cc: Bruce Dubbs, util-linux, Serge E. Hallyn

On Thu, Jan 06, 2022 at 02:27:46PM +0100, Karel Zak wrote:
> On Mon, Dec 27, 2021 at 09:26:01AM -0600, Bruce Dubbs wrote:
> > In linuxfromscratch, we have been using su from the shadow package because
> > the util-linux version requires Linux-PAM. Recently the maintainers of
> > shadow have announced that they are deprecating su. Our problem is that
> > some of our users prefer to not install PAM.
>
> I had a discussion about it with Serge (in CC), it seems the current
> conclusion is that "for now shadow will have to keep shipping su".

I haven't mentioned it in the Changelog, but have implied here
https://github.com/shadow-maint/shadow/issues/464
that yes we will not drop su in shadow until there is an alternative.

> > Is it possible to make the requirement of Linux-PAM optional in the
> > util-linux version of su? From a preliminary inspection of the code, it
> > looks like only login-utils/su-common.c would need to be modified with some
> > #ifdef constructs, but I am not completely comfortable doing that myself.
>
> The problem is not #ifdef, but that you need local reimplementation
> for the very basic PAM functionality.
>
> I have suggested creating some minimalistic library with PAM
> compatible API, but without all the functionality. Maybe we can
> develop this library in util-linux and later offer it to other
> projects. Volunteers? ;-)
>
> Another possibility is to improve the original PAM to make it possible
> to compile it without modules, etc.
>
> Karel
>
> --
> Karel Zak <kzak@redhat.com>
> http://karelzak.blogspot.com
* Re: su currently requires PAM
From: Bruce Dubbs @ 2022-01-06 15:48 UTC
To: Serge E. Hallyn, Karel Zak; +Cc: util-linux

On 1/6/22 8:39 AM, Serge E. Hallyn wrote:
> On Thu, Jan 06, 2022 at 02:27:46PM +0100, Karel Zak wrote:
>> On Mon, Dec 27, 2021 at 09:26:01AM -0600, Bruce Dubbs wrote:
>>> In linuxfromscratch, we have been using su from the shadow package because
>>> the util-linux version requires Linux-PAM. Recently the maintainers of
>>> shadow have announced that they are deprecating su. Our problem is that
>>> some of our users prefer to not install PAM.
>>
>> I had a discussion about it with Serge (in CC), it seems the current
>> conclusion is that "for now shadow will have to keep shipping su".

That sounds good. Thanks for looking into it.

-- Bruce

> I haven't mentioned it in the Changelog, but have implied here
> https://github.com/shadow-maint/shadow/issues/464
> that yes we will not drop su in shadow until there is an alternative.
>
>>> Is it possible to make the requirement of Linux-PAM optional in the
>>> util-linux version of su? From a preliminary inspection of the code, it
>>> looks like only login-utils/su-common.c would need to be modified with some
>>> #ifdef constructs, but I am not completely comfortable doing that myself.
>>
>> The problem is not #ifdef, but that you need local reimplementation
>> for the very basic PAM functionality.
>>
>> I have suggested creating some minimalistic library with PAM
>> compatible API, but without all the functionality. Maybe we can
>> develop this library in util-linux and later offer it to other
>> projects. Volunteers? ;-)
>>
>> Another possibility is to improve the original PAM to make it possible
>> to compile it without modules, etc.