On Tue, Jan 09, 2018 at 04:30:56PM +0100, Pavel Březina wrote:
> On 01/05/2018 05:21 PM, Zbigniew Jędrzejewski-Szmek wrote:
>> On Fri, Jan 05, 2018 at 02:50:45PM +0100, Jan Kurik wrote:
>>> = System Wide Change: Make authselect default tool instead of authconfig =
>>>
https://fedoraproject.org/wiki/Changes/AuthselectAsDefault
>>
>> Does this change do anything to reduce the number of files in /etc
>> that do not contain local configuration? PAM is currently one of the
>> worst offenders, with /etc/pam.d full of "configuration" files.
>
> No. The files must stay since it would require changes in pam itself
> and that is out of scope of authselect. Each file corresponds to
> individual pam service and is read when pam_start(service_name, ...)
> is called.
>
>> Elsewhere in the thread /usr/share/authselect/custom is metioned as
>> directory for admin config. That's OK-ish, as long as you also allow
>> a directory in /etc for the same purpose. /usr must be allowed to be
>> immutable.
>
> Would /usr/local be OK as well?
/usr/local is special. Packages are not allowed to put stuff there [1],
and it is instead an alternate install location that is under the
control of the administrator. It seems reasonable to support
authselect configuration located there.
/usr/share/authselect and /etc/authselect are the two main locations
that should be supported, and /usr/local/share/autselect would be an
additional option.
[1]
https://fedoraproject.org/wiki/Packaging:Guidelines#No_Files_or_Directori...
Thank you for the info. I created upstream ticket to track this change: