You see peterwwillis's reply to your comment? That's the sort of meaty discussion I was looking for. Your post -while better than your first- is the sort of content-light, platitude-heavy post that I most often see from folks who have taken a side in a tech holy war but are not otherwise really involved. [0] I would very much like to engage you in a real technical discussion. I'm eager to learn new things!
> [T]he functionality necessary to create a clean login in a container is beyond the scope of what PAM does.
Given that I use a PAM module that takes the login password that I keyed in, calls out to cryptsetup using that password to unlock an encrypted volume, creates the mountpoint for that volume, mounts it, then -when I've logged out- (optionally) kills any processes of mine that may still be running, then reverses those mount and unlock operations, I'm not convinced that your claim is true.
Please convince me otherwise! :D
[0] Why is it the most frequent? I don't know for sure, but I suspect that the adage "It's easy to have opinions, but much harder to have informed opinions." would be applicable.
> [T]he functionality necessary to create a clean login in a container is beyond the scope of what PAM does.
Given that I use a PAM module that takes the login password that I keyed in, calls out to cryptsetup using that password to unlock an encrypted volume, creates the mountpoint for that volume, mounts it, then -when I've logged out- (optionally) kills any processes of mine that may still be running, then reverses those mount and unlock operations, I'm not convinced that your claim is true.
Please convince me otherwise! :D
[0] Why is it the most frequent? I don't know for sure, but I suspect that the adage "It's easy to have opinions, but much harder to have informed opinions." would be applicable.