From: Maxim Cournoyer <maxim.cournoyer@gmail.com>
To: muradm <mail@muradm.net>
Cc: 63198@debbugs.gnu.org
Subject: bug#63198: cups-service-type uses PAM-enabled 'cups' by default which prevents authentication
Date: Mon, 15 May 2023 11:24:19 -0400 [thread overview]
Message-ID: <877ct9vcrg.fsf_-_@gmail.com> (raw)
In-Reply-To: <0c6858607cfd59a8da92f0a0780d8b45dc4b3afd.1684003079.git.mail@muradm.net> (muradm's message of "Sat, 13 May 2023 21:38:00 +0300")
Hi,
muradm <mail@muradm.net> writes:
> Fixes <https://issues.guix.gnu.org/63198>.
>
> Makes CUPS service to extend pam-root-service-type providing minimal
> configuration to authenticate users. Since PAM authentication is
> provided, cups package can be used as default.
>
> * gnu/services/cups.scm (cups-configuration) [cups]: Use cups.
I'd write 'Replace cups-minimal with cups'.
> [allow-empty-password?]: PAM service configuration permitting empty passwords.
I'd write 'New field', but I think we'd want to add proper PAM support
here not a 'bypass PAM authentication' hack. It should also be enabled
out of the box, otherwise users won't be able to authenticate until they
figure out they need to set that switch to #t.
> (opaque-cups-configuration): Likewise.
> (cups-pam-service): cups PAM service.
Not descriptive :-) What is the change here?
Could you look into adding "regular" login PAM support instead of a
bypass disabled by default? The user should still be prompted for its
password, and it should go through the PAM auth module.
I'm not very PAM-aware, but I believe there are examples spread in the
code base.
--
Thanks,
Maxim
next prev parent reply other threads:[~2023-05-15 15:25 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-01 3:08 bug#63198: cups-service-type uses PAM-enabled 'cups' by default which prevents authentication Maxim Cournoyer
2023-05-03 12:46 ` Maxim Cournoyer
2023-05-13 13:43 ` muradm
2023-05-13 13:48 ` muradm
2023-05-15 15:13 ` Maxim Cournoyer
2023-05-15 15:12 ` Maxim Cournoyer
2023-05-13 18:38 ` bug#63198: [PATCH] services: cups: Add cups PAM service muradm
2023-05-15 15:24 ` Maxim Cournoyer [this message]
2023-05-16 5:17 ` bug#63198: cups-service-type uses PAM-enabled 'cups' by default which prevents authentication muradm
2023-05-24 0:46 ` Maxim Cournoyer
2023-05-24 11:37 ` muradm
2023-05-23 22:14 ` Ricardo Wurmus
2023-05-24 11:07 ` bug#63198: End-to-end tests Was: " Csepp
2023-05-24 11:28 ` muradm
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=877ct9vcrg.fsf_-_@gmail.com \
--to=maxim.cournoyer@gmail.com \
--cc=63198@debbugs.gnu.org \
--cc=mail@muradm.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).