[Pkg-shadow-commits] r141 - trunk/debian

Martin Quinson pkg-shadow-devel@lists.alioth.debian.org
Sat, 14 May 2005 17:37:01 +0000 

Author: mquinson
Date: 2005-05-14 17:37:00 +0000 (Sat, 14 May 2005)
New Revision: 141

Modified:
   trunk/debian/changelog
   trunk/debian/login.defs
Log:
set CLOSE_SESSIONS to yes in login.defs, and document why. Closes #163635. Feel free to reword

Modified: trunk/debian/changelog
===================================================================
--- trunk/debian/changelog	2005-05-13 21:23:33 UTC (rev 140)
+++ trunk/debian/changelog	2005-05-14 17:37:00 UTC (rev 141)
@@ -16,6 +16,8 @@
     - 421_login.1_pishing:
       Document how to initiate a trusted path under Linux
       Closes: #305600
+    - set CLOSE_SESSIONS to yes in login.defs, and document why.
+      Closes: #163635
   * Upstream bugs already fixed in upstream releases or CVS:
     - 324_configure.in-no-debian-dir:
       Separated from 004_configure.in : this change will not be needed when

Modified: trunk/debian/login.defs
===================================================================
--- trunk/debian/login.defs	2005-05-13 21:23:33 UTC (rev 140)
+++ trunk/debian/login.defs	2005-05-14 17:37:00 UTC (rev 141)
@@ -294,14 +294,16 @@
 # FAKE_SHELL /bin/fakeshell
 
 #
-# Enable pam_close_session() calling. When using normal (pam_unix.so)
-# session handling modules, this is not needed. However with modules
-# (such as kerberos or other persistent session models), login and su
-# need to fork and wait for the shell to exit so that sessions can be
-# cleaned up.
-#
-CLOSE_SESSIONS no
+# Enable pam_close_session() and pam_end() calling. This setting is needed
+# for persistant session modules such as kerberos to cleanup things on exit.
+# PDCC (PAM data cleanup callbacks) won't be run if CLOSE_SESSIONS=no,
+# leading to all sort of caching issue in a whole bunch of modules. It
+# should however be possible to disable this setting when using the pam_unix
+# session handling module, and gain that way a minor performance improvement 
+# (a fork/wait cycle per session or so).
 
+CLOSE_SESSIONS yes
+
 ################# OBSOLETED BY PAM ##############
 #						#
 # These options are now handled by PAM. Please	#