Re: severe deficiencies in our PAM setup
On Sun, Sep 24, 2000 at 03:00:33PM +0200, Wichert Akkerman wrote:
> Previously Greg Stark wrote:
> > In debian each pam.d file is for a specific service and is populated with
> > pam_unix rules by default. There's no concept of the "standard" authentication
> > model for a system.
True, but there is also no concept of a "standard" service. Things
required for some things(pam_securetty) make absolutly no sense for say,
imap or samba. And I'm a little leary about something posing as a, say,
kbdrate service being able to change passwords.
And if something can't provide a sensible config file then I'm not sure
if I want to allow it to run. The current default will allow anybody,
including root, to login if it can't find a proper way to authenticate for
that service. Not a situation I like on my home system, and something I'm
fixing right now on my servers.
- Nick Lopez
"Science is like sex: sometimes something useful comes out, but
that is not the reason we are doing it" -- Richard Feynman