[Mageia-dev] Installer setting sshd UsePAM to no

Tue May 15 18:47:10 CEST 2012

Hello,
+
+As seen in previous thread, it is recommended to have UsePAM set to yes
+in sshd configuration. This is the default value in the config file
+provided by the openssh-server package. However, it seems the
+"authentication" part of the installer or drakauth sets UsePAM to no
+when local authentication is selected :
+http://svnweb.mageia.org/soft/drakx/trunk/perl-install/authentication.pm?revision=3714&view=markup#l328
+
+So most people will have UsePAM set to no.
+
+I propose that the installer stop changing the UsePAM option, with
+the following patch.
+
+What do you think ?
+
+Index: perl-install/authentication.pm
+===================================================================
+--- perl-install/authentication.pm	(revision 4522)
++++ perl-install/authentication.pm	(working copy)
+@@ -325,7 +325,6 @@
+ 
+     my $pam_modules = $kind2pam_kind{$kind} or log::l("kind2pam_kind
+does not know $kind");
+     $pam_modules ||= [];
+-    sshd_config_UsePAM(@$pam_modules > 0);
+     set_pam_authentication($pam_modules, $authentication->{ccreds});
+ 
+     my $nsswitch = $kind2nsswitch{$kind} or log::l("kind2nsswitch does
+not know $kind");
+@@ -781,18 +780,6 @@
+ 
+ }
+ 
+-sub sshd_config_UsePAM {
+-    my ($UsePAM) = @_;
+-    my $sshd = "$::prefix/etc/ssh/sshd_config";
+-    -e $sshd or return;
+-
+-    my $val = "UsePAM " . bool2yesno($UsePAM);
+-    substInFile {
+-	$val = '' if s/^#?UsePAM.*/$val/;
+-	$_ .= "$val\n" if eof && $val;
+-    } $sshd;
+-}
+-
+ sub query_srv_names {
+     my ($domain) = @_;
+ 
+
+