Closed mateusz-gozdek-sociomantic closed 5 years ago
What do you want me to do?
I'd expect physlock to gracefully handle PAM misconfiguration, for example, by checking the configuration before entering the loop.
(Edit): If this is not possible, documentation should at least explicitly say about PAM configuration requirements and implications.
I expect the packager/user who installs physlock to do the PAM configuration. An approriate PAM configuration is a necessity for any application that uses PAM. But an application cannot force the configuration upon the user because it does not know what authentication mechanisms the user wants to use--think of yubi keys.
Well, still, with default PAM configuration (http://www.linux-pam.org/Linux-PAM-html/sag-security-issues-other.html), physlock does not work at the moment and README.md does not mention how to configure it.
Why can't README.md mention the same configuration, which is mentioned in https://github.com/muennich/physlock/issues/47#issuecomment-274445853 to make it more clear for new users at least?
I am working on making it more clearer as stated in the issue you've referenced.
Shouldn't there be an issue about it on GitHub then?
You've already referenced it: #47.
But it's closed, meaning it is resolved, when in reality, you are still working on it, as you told, so it is not resolved. Maybe it should be reopened then.
I'm reporting upstream a bug described in https://bugs.archlinux.org/task/61300.
I'm aware of #47 and required modification to PAM configuration, however, I believe, that this behaviour is a bug, as it results in situation, when only thing you can do is to reboot your machine or kill the process over SSH.
Here is also the screenshot of what's happening (probably known issue) from virtual box:
Steps to reproduce (assuming Vagrant with VirtualBox is installed):