I have to say, writing documentation for PAM is not a good thing on its own, but doing so in a boring, hot summer, while also taking care of a PAM bump, and knowing that this is probably going to be useless for the most part (a good deal of the documentation that I’ve written to date is ignored by most people, considering the repeated questions whose answers were in the documents I wrote in the past), well, let’s just say that if I didn’t stop tonight, I would have gone crazy.
Not only do I need to write down how things should be done nowadays, but I’m also taking the chance to work on implementing the trick that I blogged about just before. The idea in itself should be pretty easy to implement through bash; the problem is making it decent with respect to automation and, of course, performance. We certainly don’t want to make it tremendously slow, even if it’s not executed every other ebuild.
Following that, I was also thinking about trying to emphasise the idea of making the PAM implementation switchable, by moving the common configuration files into a pambase package that can be shared between systems: if my semi-automated setup can be easily implemented, I can have a single system-auth file that can just be re-emerged to change configuration from Linux-specific to FreeBSD-specific. I know it sounds crazy, but in the long run, it might make it very easy to support further PAM implementations (I would be surprised if no other implementation appears in the next years).
Anyway, to give the proper merits to Linux-PAM authors, with the bump today I was able to drop one patch: berkdb support is no longer an automagic dependency, there is an option to disable it without having to patch it in myself. I also modified the patch to support an ad hoc build of berkdb, using the _pam suffix for libraries and symbols. If I’m lucky, upstream will pick them up for the next release.
Talking about Gentoo/FreeBSD, I’m considering preparing and sending upstream some patches to add a few missing features to their PAM modules; it levels the differences between the two operating systems and should be quite useful to vanilla FreeBSD users, too.
Anyway, tomorrow I’ll have to resume my dirty work to improve PAM support in Gentoo and the documentation; maybe one day someone else will be able to make use of this foundation to make it work like a Swiss clock. Considering it’s a really unpleasant task, for once I will not even think of rejecting if someone wanted to sponsor me for it, especially considering I’m currently unemployed, but I doubt this will ever happen: who the hell would waste resources in this area? It’s probably not worth trying.