Re: Debian security (was Re: Nomination question: Redhat)
Milan Zamazal <email@example.com> writes:
> When it was mentioned -- some people in our country think RedHat is more
> secure than Debian. When I asked them why, I received two non-religious
> answers. One was that Debian is not much visible in "security places"
> (like security-audit, etc.), which makes an impression Debian people are
> not much interested in security. The second was that Debian doesn't
> support PAM, which lowers overall security abilities of the system.
I know these are just perceptions, and opinions that others have
expeessed to you so don't take the comments to follow as a
disagreement with you.
PAM does not "increase" the security of a system, it does make it
possible for you to implement more flexible and manageable
authentication mechanisms, some of which themselves might be more
secure than shadow passwords, or less secure than shadow passwords. I
would not mind seeing PAM support because it would make my system
administrator's life a bit easier. But in the interest of truly
preserving and/or enhancing security PAM support should be dealt with
carefully, and not rushed.