
Re: severe deficiencies in our PAM setup



On Sat, Sep 23, 2000 at 09:04:50PM -0400, Greg Stark wrote:
> 
> Ok, I was finally trying to read up on PAM to see how to package the Kerberos
> PAM module so everything works smoothly. As near as I can tell there's no way
> to do this.
> 
> In Debian each pam.d file is for a specific service and is populated with
> pam_unix rules by default. There's no concept of the "standard" authentication
> model for a system.
> 
> As a result it's easy to install new services, which Debian does, but it's
> impossible to configure a new authentication method. Even if the local system
> administrator goes and edits every single pam.d to use the new authentication
> method they get bitten badly every time they install a new service, and have a
> painful upgrade every time they upgrade any of the services they edited.

I've already started working on a new PAM mini-policy for woody that does
your first idea. What I'm leaning toward is using includes/alternatives
(with standard being priority 1) to configure the standard authentication
scheme.

Ben

-- 
 -----------=======-=-======-=========-----------=====------------=-=------
/  Ben Collins  --  ...on that fantastic voyage...  --  Debian GNU/Linux   \
`  bcollins@debian.org  --  bcollins@openldap.org  --  bcollins@linux.com  '
 `---=========------=======-------------=-=-----=-===-======-------=--=---'
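
The maintenance problem raised in the quoted message, as an added example that is not part of either message and is not Debian's code: a small audit that reports which pam.d-style service files name pam_unix directly in their auth stack instead of pulling in a shared one. The sample file contents are constructed, and the `@include` / `include` / `substack` syntax and the `common-*` file names are assumptions that do not appear in this thread.

```python
import re

# Constructed sample service files (name -> contents); not from a real system.
SAMPLES = {
    "login": "auth required pam_securetty.so\n"
             "auth required /lib/security/pam_unix.so nullok\n"
             "account required pam_unix.so\n",
    "sshd":  "# uses a shared stack (assumed syntax)\n"
             "@include common-auth\n"
             "account required pam_nologin.so\n"
             "@include common-account\n",
    "ftp":   "auth [success=1 default=ignore] pam_unix.so\n"
             "auth requisite pam_deny.so\n",
}

RULE = re.compile(r"(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def parse_service(text):
    """Return (includes, modules); modules is a list of (type, module name)."""
    includes, modules = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        if parts[0] == "@include":
            includes.extend(parts[1:2])
            continue
        m = RULE.match(line)
        if not m:
            continue
        mtype, control, module = m.groups()
        if control in ("include", "substack"):
            includes.append(module)
        else:
            # Keep only the file name so full module paths compare equal.
            modules.append((mtype.lstrip("-"), module.rsplit("/", 1)[-1]))
    return includes, modules

def hardcoded_auth(services, backend="pam_unix.so"):
    """Names of services whose auth stack references the backend directly."""
    return [name for name, text in sorted(services.items())
            if any(t == "auth" and mod == backend
                   for t, mod in parse_service(text)[1])]

if __name__ == "__main__":
    for svc in hardcoded_auth(SAMPLES):
        print(f"{svc}: auth stack hard-codes pam_unix.so")
```

Every service this reports is a file the administrator would have to edit by hand, and re-merge on upgrade, to change the system's authentication method.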


