From Fedora Project Wiki

Revision as of 14:40, 2 January 2023 by Ipedrosa (talk | contribs)

Remove pam_console

This is a proposed Change for Fedora Linux.
This document represents a proposed Change. As part of the Changes process, proposals are publicly announced in order to receive community feedback. This proposal will only be implemented if approved by the Fedora Engineering Steering Committee.

Summary

Remove pam_console as it is broken and no longer under use.

Owner


Current status

  • Targeted release: Fedora Linux 39
  • Last updated: 2023-01-02
  • FESCo issue: <will be assigned by the Wrangler>
  • Tracker bug: <will be assigned by the Wrangler>
  • Release notes tracker: <will be assigned by the Wrangler>

Detailed Description

Currently, the pam_console module is broken because one of the files needed to define the permissions (50-default.perms) is not installed in the distribution. Indeed, there was a System-Wide Change proposal in 2007 to remove pam_console, but it wasn't finished.

Feedback

Benefit to Fedora

The main benefit is that it reduces the maintenance effort of the package, without reducing the functionality as this should be managed by the HAL ACL. The pam_console module is not included in the Linux-PAM, and it has to be maintained in a side-project. On top of that, the module is only used in Fedora and some of its derivatives.

Scope

  • Proposal owners:
  1. Provide PRs to remove pam_console from the PAM stack of the identified software packages (see Dependencies).
  2. Remove pam_console from pam-redhat project and rebuild Fedora package.
  • Other developers:
  1. Identified software package maintainers should review and merge the pam_console removal PRs.
  • Policies and guidelines: N/A
  • Trademark approval: N/A
  • Alignment with Objectives: N/A

Upgrade/compatibility impact

No impact is expected.


How To Test

No special hardware or configuration is required to test this change. Once the change is in place, check that the pam_console isn't installed in your system (default location: /lib64/security/pam_console.so) and do a user authentication (i.e. graphical interface, su, ssh, and whatever else comes to your mind).


User Experience

Dependencies

Contingency Plan

  • Contingency mechanism: (What to do? Who will do it?) N/A (not a System Wide Change)
  • Contingency deadline: N/A (not a System Wide Change)
  • Blocks release? N/A (not a System Wide Change), Yes/No


Documentation

N/A (not a System Wide Change)

Release Notes