Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 473548

Summary: sys-auth/pambase-20120417: consolekit used for remote connections
Product: Gentoo Linux Reporter: Martin von Gagern <Martin.vGagern>
Component: Current packagesAssignee: Mikle Kolyada (RETIRED) <zlogene>
Status: RESOLVED FIXED    
Severity: normal CC: pam-bugs+disabled
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on: 727730    
Bug Blocks:    

Description Martin von Gagern 2013-06-17 07:17:32 UTC 
I just noticed the following inconsistency: the pam_ck_connector module manpage states:

“This PAM module should be used with caution; only local
 login managers such as login(1) should use this.”

So I'd have expected it to be used in LOCAL PAM configurations. However, it apparently is used for remote sessions as well: it is included in system-login, which gets included both from system-remote-login and system-local-login. This seems like a bug to me: judging from the manual (and this kind of makes sense if you want to decide whether someone controls the console), I'd expect this module to only go into system-local-login. Sure, I can reconfigure this locally, but others probably won't inspect their PAM config and still expect sane defaults.

If there is indeed a reason why the configuration should be different by default, then that fact should perhaps be documented somewhere, e.g. in a comment line in that configuration file. And if that reason is not specific to Gentoo, then it might make sense to contact upstream about it, and request a suitable change to the man page.
Comment 1 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2020-08-04 14:34:47 UTC 
consolekit support was removed in 20200804