Re: PAM, Potato, Packages -- things that begine with 'P'

To: Ben Collins <bcollins@debian.org>
Cc: debian-devel@lists.debian.org
Subject: Re: PAM, Potato, Packages -- things that begine with 'P'
From: Steve Dunham <dunham@cse.msu.edu>
Date: 03 Mar 1999 12:10:16 -0500
Message-id: <[🔎] m9bpv6qqz2f.fsf@fatneck.cse.msu.edu>
In-reply-to: Ben Collins's message of "Tue, 2 Mar 1999 19:29:59 -0500"
References: <[🔎] 19990302071304.A26745@visi.net> <[🔎] 19990302071848.D16448@frederick.itri.loyola.edu> <[🔎] 19990302091255.A17778@it.larc.nasa.gov> <[🔎] 19990302182053.A20071@frederick.itri.loyola.edu> <[🔎] 19990302192959.B31566@visi.net>

Ben Collins <bcollins@debian.org> writes:

> On Tue, Mar 02, 1999 at 06:20:53PM -0500, Michael Stone wrote:
> > > No, wrong, false. If you are just using local files in /etc, then you are
> > > ok, but the biggest reason for using PAM is having the ability to use
> > > special authentication sources. Like radius, LDAP, and whatever else you
> > > can think of. This means that there is no local authentication method for
> > > non-pam apps.

It's also useful if you want to add logging, time of day access
control, remove securetty, etc.

As far as the lesser clued are concerned, Red Hat seems to get away
with using PAM without much trouble from users.  Red Hat has been
using PAM for a very long time.  (PAM is on my list of things that RH
does better than Debian.)

> > > The way it helps users is by not forcing them to use PAM, some people
> > > don't want it. This may be overidden if we see that PAM is stable enough
> > > to support as the standard (currently, being familiar with the source, I
> > > don't have that confidence), but initially we need alternatives.

> > If you really want them, go for it. But I'd advocate telnet-nopam, etc.
> > Either we're going with pam or we're not. I don't have anything against
> > providing optional non-pam packages, but they shouldn't be the defaults.

> If that is how everyone feels, then it is fine with me, I'm only giving
> my suggestions. I'll support the libraries as best I can no matter what
> the general decision is.

IMHO, we should just PAM-ify everything and setup the default config
files to emulate the old behaviour.  RedHat has been using PAM for
quite a while and the

BTW, the best way to go about PAMifying everything is to grab the
equivalent RedHat source package and extract it.  All of their PAM
patches are in seperate diff files, so they should be easy to borrow.
(Multiple diff files are really handy - witness the hacks in the egcs,
gdb, and other assorted Debian source packages to apply diffs at build
time rather than when the source package is extracted.)

Steve
dunham@cse.msu.edu

Reply to:

Follow-Ups:
- Re: PAM, Potato, Packages -- things that begine with 'P'
  - From: Michael Bramer <grisu@debian.org>

References:
- PAM, Potato, Packages -- things that begine with 'P'
  - From: Ben Collins <bcollins@debian.org>
- Re: PAM, Potato, Packages -- things that begine with 'P'
  - From: Michael Stone <mstone@itri.loyola.edu>
- Re: PAM, Potato, Packages -- things that begine with 'P'
  - From: Ben Collins <bmc@it.larc.nasa.gov>
- Re: PAM, Potato, Packages -- things that begine with 'P'
  - From: Michael Stone <mstone@itri.loyola.edu>
- Re: PAM, Potato, Packages -- things that begine with 'P'
  - From: Ben Collins <bcollins@debian.org>

Prev by Date: Re: install-info problems
Next by Date: procmail 3.12
Previous by thread: Re: PAM, Potato, Packages -- things that begine with 'P'
Next by thread: Re: PAM, Potato, Packages -- things that begine with 'P'
Index(es):
- Date
- Thread