On Tue, Oct 12, 2021 at 1:13 PM Michael Catanzaro <mcatanzaro(a)gnome.org> wrote:
This change is well-considered and includes detailed reasoning to
support it. Looks good to me.
I think the change proposal should be renamed, though, since authselect
would clearly not *actually* be mandatory. Of course you'll risk severe
breakage if you turn it off and edit these low-level configurations
directly, but that is really no different than it was before.
On Tue, Oct 12 2021 at 11:45:28 AM -0400, Neal Gompa
<ngompa13(a)gmail.com> wrote:
> PAM gained support for systemd-style overlay configuration some time
> ago. Actually a number of core system components did, if the libeconf
> dependency is turned on. Instead of forcing authselect, we should
> probably make sure base functional configuration is shipped in
> something like /usr/share/pam/pam.d or something like that.
That is not possible with nsswitch.conf, though. This proposal is a
good solution to the problems we've had with correctly maintaining
nsswitch.conf. The status quo (see "Therefore we can split users into
four groups:" in the change proposal) is just not good compared to
Fedora's usual quality standards, and this change proposal would
address all of the problems we've had. Also, I'm pretty sure the
scriptlets we currently rely on to maintain correct configurations just
do not work at all on Silverblue/Kinoite/CoreOS (where editing /etc in
RPM scriplets just does not work), and I suspect nobody really knows
what the situation there is for users who have upgraded from older
releases.
Why hasn't the nsswitch.conf situation been fixed to work in
/usr/share like it does in /etc?
--
真実はいつも一つ!/ Always, there's only one truth!