From Fedora Project Wiki
No edit summary
No edit summary
Line 75: Line 75:


== User Experience ==
== User Experience ==
<!-- If this change proposal is noticeable by users, how will their experiences change as a result?
Users won't experience any change.
 
This section partially overlaps with the Benefit to Fedora section above. This section should be primarily about the User Experience, written in a way that does not assume deep technical knowledge. More detailed technical description should be left for the Benefit to Fedora section.
 
Describe what Users will see or notice, for example:
  - Packages are compressed more efficiently, making downloads and upgrades faster by 10%.
  - Kerberos tickets can be renewed automatically. Users will now have to authenticate less and become more productive. Credential management improvements mean a user can start their work day with a single sign on and not have to pause for reauthentication during their entire day.
- Libreoffice is one of the most commonly installed applications on Fedora and it is now available by default to help users "hit the ground running".
- Green has been scientifically proven to be the most relaxing color. The move to a default background color of green with green text will result in Fedora users being the most relaxed users of any operating system.
-->


== Dependencies ==
== Dependencies ==
<!-- What other packages (RPMs) depend on this package?  Are there changes outside the developers' control on which completion of this change depends?  In other words, completion of another change owned by someone else and might cause you to not be able to finish on time or that you would need to coordinate?  Other upstream projects like the kernel (if this is not a kernel change)? -->
This change depends on other packages removing pam_console from their PAM stack. I have identified five packages and I have opened a bugzilla for all of them:
 
* xorg-x11-server - https://bugzilla.redhat.com/show_bug.cgi?id=1822209
<!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
* lxdm - https://bugzilla.redhat.com/show_bug.cgi?id=1822227
* xorg-x11-xdm - https://bugzilla.redhat.com/show_bug.cgi?id=1822225
* slim - https://bugzilla.redhat.com/show_bug.cgi?id=1822229
* gdm - https://bugzilla.redhat.com/show_bug.cgi?id=1822228


<!-- TODO:
From the above list only the first item is a blocker as it requires pam_console to succeed in the authentication. In all other cases it is optional, so not deleting the module is not a problem.
    https://bugzilla.redhat.com/show_bug.cgi?id=1822209
    https://bugzilla.redhat.com/show_bug.cgi?id=1822227
    https://bugzilla.redhat.com/show_bug.cgi?id=1822225 (orphaned and probably it will be retired soon)
    https://bugzilla.redhat.com/show_bug.cgi?id=1822229 (orphaned)
    https://bugzilla.redhat.com/show_bug.cgi?id=1822228
-->


<!-- TODO: there might be some unidentified software packages, I'm opening this System-Wide Change to also identify them -->
<!-- TODO: there might be some unidentified software packages, I'm opening this System-Wide Change to also identify them -->
Line 104: Line 92:
== Contingency Plan ==
== Contingency Plan ==


<!-- If you cannot complete your feature by the final development freeze, what is the backup plan?  This might be as simple as "Revert the shipped configuration".  Or it might not (e.g. rebuilding a number of dependent packages).  If you feature is not completed in time we want to assure others that other parts of Fedora will not be in jeopardy.  -->
* Contingency mechanism: Postpone to the next release.
* Contingency mechanism: (What to do?  Who will do it?) N/A (not a System Wide Change)  <!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
* Contingency deadline: beta freeze
<!-- When is the last time the contingency mechanism can be put in place?  This will typically be the beta freeze. -->
* Blocks release? No
* Contingency deadline: N/A (not a System Wide Change)  <!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
<!-- Does finishing this feature block the release, or can we ship with the feature in incomplete state? -->
* Blocks release? N/A (not a System Wide Change), Yes/No <!-- REQUIRED FOR SYSTEM WIDE CHANGES -->




== Documentation ==
== Documentation ==
<!-- Is there upstream documentation on this change, or notes you have written yourself?  Link to that material here so other interested developers can get involved. -->
No documentation.


<!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
N/A (not a System Wide Change)


== Release Notes ==
== Release Notes ==
<!-- The Fedora Release Notes inform end-users about what is new in the release.  Examples of past release notes are here: http://docs.fedoraproject.org/release-notes/ -->
No need to update the release notes for this change.
<!-- The release notes also help users know how to deal with platform changes such as ABIs/APIs, configuration or data file formats, or upgrade concerns.  If there are any such changes involved in this change, indicate them here.  A link to upstream documentation will often satisfy this need.  This information forms the basis of the release notes edited by the documentation team and shipped with the release.
 
Release Notes are not required for initial draft of the Change Proposal but has to be completed by the Change Freeze.  
-->

Revision as of 10:39, 3 January 2023

Remove pam_console

This is a proposed Change for Fedora Linux.
This document represents a proposed Change. As part of the Changes process, proposals are publicly announced in order to receive community feedback. This proposal will only be implemented if approved by the Fedora Engineering Steering Committee.

Summary

Remove pam_console as it is broken and no longer under use.

Owner


Current status

  • Targeted release: Fedora Linux 39
  • Last updated: 2023-01-03
  • FESCo issue: <will be assigned by the Wrangler>
  • Tracker bug: <will be assigned by the Wrangler>
  • Release notes tracker: <will be assigned by the Wrangler>

Detailed Description

Currently, the pam_console module is broken because one of the files needed to define the permissions (50-default.perms) is not installed in the distribution. Indeed, there was a System-Wide Change proposal in 2007 to remove pam_console, but it wasn't finished.

Feedback

Benefit to Fedora

The main benefit is that it reduces the maintenance effort of the package, without reducing the functionality as this should be managed by the HAL ACL. The pam_console module is not included in the Linux-PAM, and it has to be maintained in a side-project. On top of that, the module is only used in Fedora and some of its derivatives.

Scope

  • Proposal owners:
  1. Provide PRs to remove pam_console from the PAM stack of the identified software packages (see Dependencies).
  2. Remove pam_console from pam-redhat project and rebuild Fedora package.
  • Other developers:
  1. Identified software package maintainers should review and merge the pam_console removal PRs.
  • Policies and guidelines: N/A
  • Trademark approval: N/A
  • Alignment with Objectives: N/A

Upgrade/compatibility impact

No impact is expected.


How To Test

No special hardware or configuration is required to test this change. Once the change is in place, check that the pam_console isn't installed in your system (default location: /lib64/security/pam_console.so) and do a user authentication (i.e. graphical interface, su, ssh, and whatever else comes to your mind).


User Experience

Users won't experience any change.

Dependencies

This change depends on other packages removing pam_console from their PAM stack. I have identified five packages and I have opened a bugzilla for all of them:

From the above list only the first item is a blocker as it requires pam_console to succeed in the authentication. In all other cases it is optional, so not deleting the module is not a problem.


Contingency Plan

  • Contingency mechanism: Postpone to the next release.
  • Contingency deadline: beta freeze
  • Blocks release? No


Documentation

No documentation.


Release Notes

No need to update the release notes for this change.

Retrieved from "https://fedoraproject.org/w/index.php?title=Changes/RemovePamConsole&oldid=664525"