A reminder, as requested by Flameeyes... ;)
Half done, sudo-1.6.9_p14 and 1.7_beta3 use system-login rather than system-auth.
(In reply to comment #1) > Half done, sudo-1.6.9_p14 and 1.7_beta3 use system-login rather than > system-auth. > It seems that (I could be mistaken however, PAM > me) as a result of this sudo now prints lastlogin/motd whenever I use it (even after it asks it has already asked the password on first invocation) which I find slightly (not not a big deal however) annoying: # sudo echo foo Last login: Fri Mar 21 20:37:06 CET 2008 from magrathea on pts/8 Welcome to Magrathea! foo Is this an oversight/unintended result, or should I just customize my pam files if I don't want this?
Same here, I found it quite annoying as well, but one can get used to it. Much more annoying is the recent gdm behaviour change -- it displays a dialog box with lastlogin data every time I log in... Is this intended, unrelated to this bug, or something else? :) Complete ~amd64 here, btw.
Ok, I just updated pam to 1.0.0 and sudo now uses system-auth and thus no more motd/lastlogin messages, now that I think about it, maybe I misread Diego's post and the intention was exactly to make it use system-aouth Either way, thanks!
Really, why should sudo or su use system-login? Should they have an optional pam_gnome_keyring.so? An optional pam_lastlog.so? An optional pam_mail.so? The problem with gdm is the same, since it actually does use system-login. Why should gdm use pam_mail.so, pam_lastlog.so, or pam_motd.so? So yes, the gdm crap *is* related to using system-login. system-auth is a perfect default: it contains just the things that *should* be inhered by all things pam. The problem with system-login is that it contains all kinds of extra things, making it unsuitable for general inheritance. My question is: what exactly is the point of system-login? It contains way to much stuff to make it suitable as a 'default pam thing for logins'. That would be system-auth's job, for a minimal set of general things. If we want to do all kinds of special things on console/gdm whatever logins, login/gdm/whatever would be the place to specify them.
sudo has already backed away, as per GDM, it is interesting how it behaves, but I'd rather not create a new system-console-local-login configuration file, so I'd say look in gdm's way to find a solution.