IRC Logs for #crux-devel Wednesday, 2014-01-15

*** mavrick61 has quit IRC03:51
*** mavrick61 has joined #crux-devel03:52
*** sepen has joined #crux-devel11:26
sepenjue: java released version 7u5111:27
teK_hey guys, what are you thinking about kdbus? :>11:35
sepen"...(KDBUS) paired with the latest systemd code...."?11:37
sepenno please11:38
sepenwow, read 'zester' comments11:52
teK_I loved the lwn article's comment's11:57
teK_I loved the lwn article's comments11:57
teK_This can be merged in kernel after the 237 systemd bugs in Fedora[1] are fixed.11:57
teK_the article itself was basically just quoting lenny how awesome dbus was and how even better kdbus will be11:58
teK_Everything will work, Lennart said, if one doesn't mind that it will all be "horribly insecure."11:58
sepenlennart lennart lennart ...11:59
frinnstand rhel7 will use systemd...13:37
jaegerI think non-systemd users are holdouts at this point, heh13:39
jaegerunrelated to systemd, why don't we use PAM? Is there a specific reason we avoid it or is it just because it isn't the simplest solution available?13:40
jaegerOr perhaps just because Per didn't use it at the time and we've never changed it13:41
frinnstyeah probably14:10
frinnstim not sure i would mind using pam14:11
frinnstthen i could use my yubikeys14:11
jaegerI'm genuinely curious if there's a good reason NOT to use it these days14:13
jaegerNot using it keeps us from doing some things like AD authentication and yubikeys, I guess14:14
jaegerSome software can't even be built correctly without it, though that's mostly gnome/ubuntu stack stuff14:14
jaegerOn the performance side of things I don't think a correctly configured and reasonably sized PAM stack poses any kind of performance threat14:18
jaegerfrinnst: how does the yubikey work? For/with what do you currently use it?14:35
jaegerignore the first part, I Rd TFM14:37
frinnstwell, since we dont run pam i dont really use it14:51
frinnsti use it for lastpass on non-trusted computers14:52
frinnstand for login on my win8 (HORROR) laptop that I never use14:52
jaegerFair enough14:54
juejaeger: you said it all, it's not the simplest solution and Per didn't use it15:31
juesepen: thx, will look at it later15:31
juefrinnst: there's yet another sudo release ;)15:32
jaegerjue: fair enough. I'd like us to consider it for 3.1, perhaps15:36
frinnstwhaat, the bugfix they say is fixed in p3 was listed in the p2 changelog yesterday15:37
juejaeger: never used it deliberately by myself, so I'm not able to really estimate how intrusive such a change would be for CRUX15:50
jaegerjue: I will do some work on that front and write up what I find. With that said I think it's pretty low-impact for a binary upgrade, slight impact for source upgrades15:51
jaegerbecause things like shadow, samba, etc. could use it after it's installed15:51
juesounds good, let's decide if we have more information15:54
juecould you add a sentence about it to TODO31, please?15:54
jaegerI'd also appreciate input from anyone else in here if you have a good reason for or against PAM usage16:02
sepen /win 216:34
sepenoops, sorry16:35
jaegerno, anywhere but win 2!16:36
sepenjaeger: honestly I never used PAM16:41
sepenwell, I see pam enabled on most distros I used but I don't have any idea about the impact for the whole system and how that can affect to us16:42
jaegerI think that most users are probably in the same situation as you... it doesn't really affect them one way or another, probably16:42
sepenyou said AD requires it?16:42
jaegerI'm not aware of a way to do AD auth without it, at least16:43
sepenI always tried to keep on aside things like selinux or pam16:43
sepenbut where are not talking about only one port, right?16:44
jaegerYes and no. PAM itself is only one port but other ports would need to be recompiled to use it, such as shadow, samba, openssh16:44
jaegerThey will work fine without it, of course16:44
sepenpasswd, shadow, openssh16:44
sepenhmm an easy way to test that would be to have an overlay repo (pam.git) with all ports that changed16:48
jaegeryeah, not a bad possibility16:48
sepenso enable pam would be as easy as to select and enable this repo at top of prt-get.conf16:49
jaegeryes, it's come up before and there's even a linux-pam port in contrib, though it's not robust16:53
sepenmaybe is the time to file a new thread in our ML16:54
jaegerperhaps, though I'd like to do the work to get a good config designed first16:57
*** deus_ex has quit IRC17:10
*** deus_ex has joined #crux-devel17:14
jaegerI will try to get that done this week/weekend17:15
teK_jaeger: not robust is severe belittlement..21:05
teK_(wrt linux-pam)21:05
jaegerI didn't mean it to be belittlement, just my opinion on that particular config21:39
jaegerusing pam.conf vs pam.d, etc.21:40
teK_it's crap imho...21:40
teK_I could not get it to work even after copying gentoo's pam stuff21:41
jaegerI spent quite a bit of time on it once last year and had a very nice config for my uses... unfortunately I lost those config files21:44
jaegerI will try to recreate it or at least similar, though, and anyone who'd like to test it will be welcome to21:44
teK_sounds good21:51
teK_PAM has quite some use cases, after all :)21:51
teK_American Hustle or Hunger Games Part 1?21:52
jaegerI like both :)21:57
teK_ok, maybe I'll ask $RANDOM for the right order21:58
teK_sepen: please add a hint to the README of virtualbox that, put into rc.local VBoxManage hostonlyif create >/dev/null 2>&1 will create vboxnet* so one won't have to do that manually by GUI after each reboot21:58
teK_btw jaeger contains the list of ports, disabling pam explicitly (handling gnu autotools seems to be just to hard....)22:01
jaegergood to know22:04
jaegerI don't think we really gain anything by not using it but we'll see how it goes22:04
teK_we should file bugs for alle of them22:05
jaegerIf we do decide to use it, sure, but maybe a bit early now22:13
teK_nah it's a general flaw in upstreams (or whatever)22:14
teK_imagine this to happen with more optional dependencies22:14
jaegeryeah, I'm sure it'll be more than is apparent, stuff like that always expands/explodes22:24
teK_maybe but upstream is supposed to fix their crap, too :D22:26
jaegerWould be nice :)22:26
teK_man.. htmldoc released new sources after eight years.. and nothing worked.. $DESTDIR is not honored, gnutls is not detected properly etc.22:26

Generated by 2.11.0 by Marius Gedminas - find it at!