This Time Self-Hosted
dark mode light mode Search

I’m gonna go nuts

Yes, still PAM.

So today I decided to bump pam_passwdqc, that is an alternative password strength validation tool to cracklib; I find it important mostly because it’s one of the default modules installed by FreeBSD, and so we need it for Gentoo/FreeBSD (although it’s not keyworded yet). And as usual, I got caught in looking at what else needed some cleanup and bump.

I also decided to start a Google Calendar trying to track down the dates when I should mark stuff stable, or when something is going to happen, so if you want to know when I plan to do something, that is what you should look at. (It’s almost empty right now, I’m gonna fill it today, give me time).

But what is going to drive me crazy is the amount of PAM modules, not maintained by PAM team (me), that install files in /etc/pam.d. It’s a stupid thing to do and screws users up, plus it creates more work for me that I need to track down what did the user merge that broke it.

The last straw was pam_console, that is namely maintained by PAM herd (even if I told gentopia if they needed it they had to take it over), but was modified by Steev to install pam.d files for login and gdm… no wonder that a lot of users are being screwed lately.

To be fair, Steev is not the only one who made this mistake, so I hope that all the developers reading me now will take the message as official: If you maintain a PAM module, make sure it does not install any pam.d file for login, system-auth, or any other service not used by it, or I’m gonna kick your ass.


Now I have to take care of PAM, write the documentation, and also audit all the pam modules in portage so that they don’t do really stupid stupid stuff, and hope that people won’t screw up their systems even more in the future.

Comments 2
  1. I don’t really understand what you are talking about, but thanks for your hard work :).

  2. thanks for looking after all the pam stuff Diego. i think you’re probably the only person we have that understands it.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.