patch to add a PAMServiceName config option
pod
pod at herald.ox.ac.uk
Sun Dec 29 01:44:17 EST 2002
>>>>> "KS" == Kevin Steves <stevesk at pobox.com> writes:
KS> we don't need an option for this. use __progname.
I quite accept that this patch won't be merged and that __progname is a
way to achieve a similar effect. However, I make two points in favour of
the patch.
Firstly if sshd is compiled with, say, -DSSHD_PAM_SERVICE="ssh" then you
can no longer use __progname to change the PAM service name. The service
name is always "ssh". [Debian do this. It may be as a result of
deliberate policy. It may be a packaging bug. I haven't pursued
further. This was my original motivation for creating the patch.]
Secondly forcing use of __progname comes close to mixing two different
namespaces, namely the namespace of executables and the namespace of PAM
services (or, alternatively, files in /etc/pam.d or wherever). [If Debian
were to compile such that the PAM service name came from __progname they
also have to arrange for the _daemon_ executable to be invoked with
argv[0] "ssh". It all seems to become a little messy.]
More information about the openssh-unix-dev
mailing list