Re: [Usability]Re: User Managment
- From: Havoc Pennington <hp redhat com>
- To: Bastien Nocera <hadess hadess net>
- Cc: usability gnome org, GNOME Desktop Hackers <desktop-devel-list gnome org>
- Subject: Re: [Usability]Re: User Managment
- Date: 19 Aug 2002 18:58:56 -0400
Bastien Nocera <hadess hadess net> writes:
> No, the point is to have a dead simple helper script that would launch
> *either* gnome-sudo, the consolehelper or activate whatever mechanism
> the distribution/Unix system has available for that purpose.
>
> That way the setup tool developer knows that this command will be
> available on every system, and will do the right thing on the
> system.
I understand. ;-) The point is with PAM there is no wrapper app thingy
for the dead simple helper script to launch. You have to install a PAM
config file for the app - I don't see what you could do that involved
only a .desktop file.
You might be able to step back and rethink some things and come up
with a coherent whole, but probably some changes to the PAM setup are
required, at minimum.
The way PAM works you have per-application configuration for how to
authenticate the app. Now you can have PAM configuration for su or
sudo - in fact Red Hat does - and you could have same for
gnome-sudo. But if you are always using gnome-sudo to elevate
privileges, then you lose one of the claimed benefits of PAM, which is
per-application config.
i.e. you can make gnome-sudo work on a PAM system, but in principle
you don't want to. Which is why PAM-based distributions would probably
want to drop it.
Havoc
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
