From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686) Gecko/20030701 Galeon/1.3.7 Description of problem: From http://0pointer.de/lennart/projects/pam_dotfile/: "pam_dotfile is a PAM module which allows users to have more than one password for a single account, each for a different service. This is desirable because many users have objections to using the same password for (as an example) an IMAP4 mailbox and SSH access. The IMAP4 password should be distinct from the SSH password because the user wants to save the former in the configuration of his mail agent, but not the latter. The same applies to POP3 mailboxes, FTP and comparable services." Well thats what the projcet website sez....I have started using pam_dotfile at home with my dovecot imap server, so that the small number of users who have both imap and shell access can use seperate passwords. Pam_dotfile might not be the best solution to the problem its solving...but i think its interesting enough for someone to look over for inclusion. If there ends up being technical reasons as to why this is not a good fit in the distro, I'd be interested in hearing comments about specific issues. Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: N/A Actual Results: N/A Expected Results: N/A Additional info: For my services at home I have editted system-auth to include a line to check pam_dotfile after checking the unix password: auth required /lib/security/$ISA/pam_env.so auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok auth sufficient /lib/security/$ISA/pam_dotfile.so use_first_pass no_warn auth required /lib/security/$ISA/pam_deny.so this means the unix password is checked first then the pam_dotfile is checked for the password. Doing it this way should make the addition of pam_dotfile support transparent for all services using system-auth until a user adds a pam_dotfile password for a specific service. Or at least thats what i hope its doing.
I suggest to create pam_dotfile as a new Fedora Extras package. We cannot add the pam_dotfile to the standard system-auth configuration anyway, because it can be used to for example bypass the password strength checking in pam_cracklib.
fair enough... i actually forget about this ticket. -jef