Re: PAM, Potato, Packages -- things that begine with 'P'
On Tue, Mar 02, 1999 at 09:12:55AM -0500, Ben Collins wrote:
> On Tue, Mar 02, 1999 at 07:18:49AM -0500, Michael Stone wrote:
> > I think this is too ugly, and will make upgrading a pain. How would
> > having extra apps help users? (Pam'd apps should still interoperate with
> > apps that use passwd directly, right? As long as /bin/passwd is pam'd,
> > it should be user-invisible.)
> No, wrong, false. If you are just using local files in /etc, then you are
> ok, but the biggest reason for using PAM is having the ability to use
> special authentication sources. Like radius, LDAP, and whatever else you
> can think of. This means that there is no local authentication method for
> non-pam apps.
Hmm. So your fear is what, that people suddenly throw away their
existing authentication scheme and hurt themselves? I think that if
someone has set up some scheme to replace /etc/passwd, they should be
qualified to handle any side effects own--it's not something that'll be
done by default. I was talking about users who don't know pam from a
hole in the wall, and I don't see how adding a bunch of extra packages
will help them.
> The way it helps users is by not forcing them to use PAM, some people
> don't want it. This may be overidden if we see that PAM is stable enough
> to support as the standard (currently, being familiar with the source, I
> don't have that confidence), but initially we need alternatives.
If you really want them, go for it. But I'd advocate telnet-nopam, etc.
Either we're going with pam or we're not. I don't have anything against
providing optional non-pam packages, but they shouldn't be the defaults.