
Re: severe deficiencies in our PAM setup



On Sun, Sep 24, 2000 at 03:00:33PM +0200, Wichert Akkerman wrote:
> Previously Greg Stark wrote:
> > In debian each pam.d file is for a specific service and is populated with
> > pam_unix rules by default. There's no concept of the "standard" authentication
> > model for a system.
  True, but there is also no concept of a "standard" service.  Things
required for some things (pam_securetty) make absolutely no sense for, say,
imap or samba.  And I'm a little leery about something posing as a, say,
kbdrate service being able to change passwords.  
  And if something can't provide a sensible config file then I'm not sure
if I want to allow it to run.  The current default will allow anybody,
including root, to log in if it can't find a proper way to authenticate for
that service.  Not a situation I like on my home system, and something I'm
fixing right now on my servers.

  - Nick Lopez
    kimo_sabe@atdot.org
--
    "Science is like sex: sometimes something useful comes out, but
      that is not the reason we are doing it" -- Richard Feynman
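
The fail-closed fallback argued for above can be checked mechanically. This is an added example, not part of the original post: it assumes the Linux-PAM convention that a service without its own file falls back to `/etc/pam.d/other`, and it flags every module type whose fallback stack does not begin by denying. The function names and the sample file contents are constructed for illustration.

```python
TYPES = ("auth", "account", "password", "session")

def parse_stack(text):
    """Return {type: [(control, module), ...]} for one pam.d-style file."""
    stacks = {t: [] for t in TYPES}
    # Join backslash-continued lines, then drop comments and blank lines.
    for line in text.replace("\\\n", " ").splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 3:
            continue
        mtype = fields[0].lstrip("-")  # a leading '-' marks an optional module
        if mtype not in stacks:
            continue  # anything that is not a module line
        end = 1
        if fields[1].startswith("["):  # bracketed control may span fields
            while end < len(fields) and not fields[end].endswith("]"):
                end += 1
        if end + 1 >= len(fields):
            continue  # malformed: no module path after the control
        control = " ".join(fields[1:end + 1])
        stacks[mtype].append((control, fields[end + 1].rsplit("/", 1)[-1]))
    return stacks

def not_denied_types(text):
    """Module types whose fallback stack does not start with a hard deny."""
    bad = []
    for mtype, entries in parse_stack(text).items():
        # pam_warn.so only logs the attempt, so look past it.
        effective = [e for e in entries if e[1] != "pam_warn.so"]
        if (not effective or effective[0][1] != "pam_deny.so"
                or effective[0][0] not in ("required", "requisite")):
            bad.append(mtype)
    return bad

# Constructed sample of a fallback file: auth/account refuse unknown
# services, password still reaches pam_unix, session has no rule at all.
SAMPLE_OTHER = """\
auth     required   pam_warn.so
auth     requisite  /lib/security/pam_deny.so
account  required   pam_deny.so
password required   pam_unix.so
"""

if __name__ == "__main__":
    print("types not denied by default:", not_denied_types(SAMPLE_OTHER))
```

On a live system the same function can be fed the contents of `/etc/pam.d/other`; an empty result means services without their own configuration are refused for every module type.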


