From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bug-guix-bounces+larch=yhetil.org@gnu.org>
Received: from mp10.migadu.com ([2001:41d0:2:4a6f::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by ms9.migadu.com with LMTPS
	id qBOlOt9OYmTRfwAASxT56A
	(envelope-from <bug-guix-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Mon, 15 May 2023 17:25:20 +0200
Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by mp10.migadu.com with LMTPS
	id yFWtOd9OYmQGCwEAG6o9tA
	(envelope-from <bug-guix-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Mon, 15 May 2023 17:25:19 +0200
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by aspmx1.migadu.com (Postfix) with ESMTPS id 95958FF35
	for <larch@yhetil.org>; Mon, 15 May 2023 17:25:19 +0200 (CEST)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <bug-guix-bounces@gnu.org>)
	id 1pya4P-0003Lo-7m; Mon, 15 May 2023 11:25:05 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1pya4M-0003Kt-SG
 for bug-guix@gnu.org; Mon, 15 May 2023 11:25:02 -0400
Received: from debbugs.gnu.org ([209.51.188.43])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1pya4M-00017K-JI
 for bug-guix@gnu.org; Mon, 15 May 2023 11:25:02 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1pya4M-0002uT-6G
 for bug-guix@gnu.org; Mon, 15 May 2023 11:25:02 -0400
X-Loop: help-debbugs@gnu.org
Subject: bug#63198: cups-service-type uses PAM-enabled 'cups' by default which
 prevents authentication
Resent-From: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-guix@gnu.org
Resent-Date: Mon, 15 May 2023 15:25:02 +0000
Resent-Message-ID: <handler.63198.B63198.168416427211128@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 63198
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: muradm <mail@muradm.net>
Cc: 63198@debbugs.gnu.org
Received: via spool by 63198-submit@debbugs.gnu.org id=B63198.168416427211128
 (code B ref 63198); Mon, 15 May 2023 15:25:02 +0000
Received: (at 63198) by debbugs.gnu.org; 15 May 2023 15:24:32 +0000
Received: from localhost ([127.0.0.1]:44167 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1pya3r-0002tQ-NI
 for submit@debbugs.gnu.org; Mon, 15 May 2023 11:24:32 -0400
Received: from mail-qv1-f51.google.com ([209.85.219.51]:55625)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maxim.cournoyer@gmail.com>) id 1pya3n-0002t6-9G
 for 63198@debbugs.gnu.org; Mon, 15 May 2023 11:24:29 -0400
Received: by mail-qv1-f51.google.com with SMTP id
 6a1803df08f44-61b5a6865dfso99824416d6.3
 for <63198@debbugs.gnu.org>; Mon, 15 May 2023 08:24:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20221208; t=1684164261; x=1686756261;
 h=mime-version:user-agent:message-id:in-reply-to:date:references
 :subject:cc:to:from:from:to:cc:subject:date:message-id:reply-to;
 bh=ri2OwIOvlNH3WSRLvAthtbsuJ0o1JcDAA48KmQ7pz2E=;
 b=nOgH3ybA3R3CvAuPbU4MFm71E/BKaoK+k5AJcXC9AsUCGIQzdozdGpsaGU3xNN7WCV
 rvM7h7SocnnIj9Dds/l6ufcDinrm34bwIErvcsiNkcAgkJJupoCrltrj2ma+In4oosut
 C1i3aAWpR7+Eb1xsOATlyR9mIqz4JELL4Lc7ba66O5qUUezjNO/gjgAX9Vm1ZZldOJYA
 zbJJDv/bUpB9h/xCxMMChpQQ++bpgIma7SWcRkoYX9tfp8sBf2Q2k30Rbz7/O83OWdEQ
 Y8RupCUfCXN4csJBCpHzY2tfjYLYAKnWRbquFkebDWX6ip7z5OgLp8WQskb+3qGPEFTQ
 w10A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20221208; t=1684164261; x=1686756261;
 h=mime-version:user-agent:message-id:in-reply-to:date:references
 :subject:cc:to:from:x-gm-message-state:from:to:cc:subject:date
 :message-id:reply-to;
 bh=ri2OwIOvlNH3WSRLvAthtbsuJ0o1JcDAA48KmQ7pz2E=;
 b=T91k282nalHsS+MJnCDw/7qniFB9OrlitKWSfMPdSz9SATDMI4vniKXX24b4ywJaEw
 gRjfGp/afna0+hjnZjQ9Xy+cdnOU+BvkXtTtajf8jYNI4uRv2HnmdaKU5b+ool9LN5Gv
 Flm+T5IZoJNcGHBfHl8NOk+m58oBFSkQpwmxJ71VYIpdGbfZy1oYsJPoInUto+P84mlO
 h9Aac1vQElOWB98PW7U9e7WMmUqULFf+ms9Vu7umZ8alhzrPlYsAmB9tlatbDceqeSdW
 eSolmN2NXCX2BRiYPUEY9gIOwEkcna9kuuVJ776qhdQnFRz7Z9m2zLZh/A58hLNL63V9
 v7iQ==
X-Gm-Message-State: AC+VfDxtmY0GPR5c7b4zrnKD9RTZAJRjRPQXvuckWGX8SVMA5cMNE3ae
 J8bJE2g3AaApLLM1WMxtbBwHg+nKjwyXBw==
X-Google-Smtp-Source: ACHHUZ4/Rixy/RfyXtGKHQ65f1EOzXBTi8JiDyCLTQr12nUBxkvp6y1ZAZcJSH4+g4FgmPGWs3BZYg==
X-Received: by 2002:ad4:574a:0:b0:621:562c:4e22 with SMTP id
 q10-20020ad4574a000000b00621562c4e22mr38559413qvx.47.1684164261320; 
 Mon, 15 May 2023 08:24:21 -0700 (PDT)
Received: from hurd (dsl-205-236-230-106.b2b2c.ca. [205.236.230.106])
 by smtp.gmail.com with ESMTPSA id
 mk6-20020a056214580600b006212a3d8cc1sm5042934qvb.32.2023.05.15.08.24.20
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Mon, 15 May 2023 08:24:20 -0700 (PDT)
From: Maxim Cournoyer <maxim.cournoyer@gmail.com>
References: <87wn1s695u.fsf@gmail.com>
 <0c6858607cfd59a8da92f0a0780d8b45dc4b3afd.1684003079.git.mail@muradm.net>
Date: Mon, 15 May 2023 11:24:19 -0400
In-Reply-To: <0c6858607cfd59a8da92f0a0780d8b45dc4b3afd.1684003079.git.mail@muradm.net>
 (muradm's message of "Sat, 13 May 2023 21:38:00 +0300")
Message-ID: <877ct9vcrg.fsf_-_@gmail.com>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: bug-guix@gnu.org
List-Id: Bug reports for GNU Guix <bug-guix.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-guix>,
 <mailto:bug-guix-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-guix>
List-Post: <mailto:bug-guix@gnu.org>
List-Help: <mailto:bug-guix-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-guix>,
 <mailto:bug-guix-request@gnu.org?subject=subscribe>
Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org
Sender: bug-guix-bounces+larch=yhetil.org@gnu.org
X-Migadu-Flow: FLOW_IN
X-Migadu-Country: US
ARC-Seal: i=1; s=key1; d=yhetil.org; t=1684164319; a=rsa-sha256; cv=none;
	b=R5i5TaPgWDvpc7wZLhVcqBmN8G3LTGuMU2SQu4z49pjPZOF5Pjovljm3TBofHGmo/jnqcd
	nTu0xoW2s5oUtFWjwKOFaaFY9xYvif/uXGUscAHcvl8MYZqBMrUSwTjxdxE8bNrF5Cy/4Q
	PvhIzrolrS6MGHDTFIab75O7WovdEXPyez7n7bcEP97KpzCB+9j2Wx63AUT5iBByAEuVKr
	nVa0Oc16XdK9OhFQ7hEYVs260Tgw091GZBrXsgqymr2ptPWZQFm7WAX+4FjKkfUYTI5Ygz
	t3RRQ6oGevUE3JhLCHI1AT5TaGK824VNFk5L9jKlAYhmBD2Josq+/7SJWpZTag==
ARC-Authentication-Results: i=1;
	aspmx1.migadu.com;
	dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20221208 header.b=nOgH3ybA;
	dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none);
	spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org"
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org;
	s=key1; t=1684164319;
	h=from:from:sender:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:resent-cc:resent-from:resent-sender:
	 resent-message-id:in-reply-to:in-reply-to:references:references:
	 list-id:list-help:list-unsubscribe:list-subscribe:list-post:
	 dkim-signature; bh=ri2OwIOvlNH3WSRLvAthtbsuJ0o1JcDAA48KmQ7pz2E=;
	b=GF8f563yGtrB/t1Lp83YDac+3RGNbzOaJNO7S/vVaqlOMKpSOEmYOdE7pmTi7V+OMeVzgu
	pF6uCgrJoYNn5lHs9dpVJ5FlMTEtsg+PgPIu9P9WNEzBwD8wTZlDUy6uh6rWxQZyOTFpRI
	Mf2QNJHy1N/lAkd75hRveJtEP8NaveoIcAoNSBMm8BP/U7hTSJs9IHsXUbvqt1N9uBNnYe
	6dI/eKYSMlKSNNH9TjOb6bWYYAGEX8EMsZxrVWFjuEUTq2Ztp7Ep/pyR99kIvkSmcYo4ca
	0HLscuXAm5pDtYWW1T1lJSp0I2TJLr3al5nFn/gxsmN8Sk9w+MwkkDGxmtMneg==
X-Migadu-Scanner: scn1.migadu.com
Authentication-Results: aspmx1.migadu.com;
	dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20221208 header.b=nOgH3ybA;
	dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none);
	spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org"
X-Migadu-Spam-Score: 7.31
X-Spam-Score: 7.31
X-Migadu-Queue-Id: 95958FF35
X-TUID: /gGsHoyq3ABp

Hi,

muradm <mail@muradm.net> writes:

> Fixes <https://issues.guix.gnu.org/63198>.
>
> Makes CUPS service to extend pam-root-service-type providing minimal
> configuration to authenticate users. Since PAM authentication is
> provided, cups package can be used as default.
>
> * gnu/services/cups.scm (cups-configuration) [cups]: Use cups.

I'd write 'Replace cups-minimal with cups'.

> [allow-empty-password?]: PAM service configuration permitting empty passwords.

I'd write 'New field', but I think we'd want to add proper PAM support
here not a 'bypass PAM authentication' hack.  It should also be enabled
out of the box, otherwise users won't be able to authenticate until they
figure out they need to set that switch to #t.

> (opaque-cups-configuration): Likewise.
> (cups-pam-service): cups PAM service.

Not descriptive :-)  What is the change here?

Could you look into adding "regular" login PAM support instead of a
bypass disabled by default?  The user should still be prompted for its
password, and it should go through the PAM auth module.

I'm not very PAM-aware, but I believe there are examples spread in the
code base.

-- 
Thanks,
Maxim