[Mageia-dev] absurd comment in default sshd configuration file
Colin Guthrie
mageia at colin.guthr.ie
Tue May 15 16:34:14 CEST 2012
'Twas brillig, and Guillaume Rousse at 15/05/12 15:02 did gyre and gimble:
> # WARNING: 'UsePAM no' is not supported in Mageia and may cause several
> # problems.
> I wonder about the usefulness of such comment...
>
> What does means 'not supported' ? The software has been patched, and its
> behaviour changed in such a way that it will not work as documented ? Or
> any bug report on bugzilla will automatically result in a question 'did
> you change UsePAM directive in sshd' before even attempting to identify
> end user problem ?
>
> And as changing ANY configuration directive in ANY software may result
> in problems, what's the point of a specific warning here ?
>
> So, what's the added value of this comment over default configuration ?
I didn't specifically think too hard about putting a comment in the
config file but I stand by it's usefulness.
Patch taken directly from Fedora | sed s/Fedora/Mageia/
The point of it is that if you turn off PAM support you may have issues
with tracking logins via SSH (i.e. pam_systemd will not be processed and
user sessions will be tracked as child processes of the ssh daemon
service itself and not as child processes of a user session. This means
that restarting SSH service will likely kill off any ssh connections,
including the current one if you set "UsePAM no".
As this is an issue that has confused several people, I think extra
exposure is a good thing. If you want to deal with the bugs resulting
from incorrect settings and explain to people again and again, then
fine, we can remove it.
Col
--
Colin Guthrie
colin(at)mageia.org
http://colin.guthr.ie/
Day Job:
Tribalogic Limited http://www.tribalogic.net/
Open Source:
Mageia Contributor http://www.mageia.org/
PulseAudio Hacker http://www.pulseaudio.org/
Trac Hacker http://trac.edgewall.org/
More information about the Mageia-dev
mailing list