[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: severe deficiencies in our PAM setup

On Fri, Sep 29, 2000 at 11:07:53PM -0300, Nicol?s Lichtmaier wrote:
> > >  CPP syntax is a *very* well known preprocessor syntax, and it could give
> > > much flexibility not only in this case, but also in many other configuration
> > > files...
> > imho, m4 would be better if you want to do something like this. cpp has
> > a big problem for shell-type config files--it ain't real happy with # as
> > a comment character.

I am not implementing anything so complex. I am going to continue to
persue empty package files by default, a standard auth scheme, and a
simple configuration file with "security models" to choose from. I don't
want to take a chance of someones inability to understand the
configuration language to interfere with the security of their system.
Every person who wants to secure their system is not a security expert,
nor should they be.

Also remember that not every security expert is a multi-faceted language
expert and knows m4 and/or cpp. Hell, if m4 was so easy, sendmail would be
our default MTA. After all, if anyone wants to configure it, they should
be smart enough to understand or learn m4 right?

/  Ben Collins  --  ...on that fantastic voyage...  --  Debian GNU/Linux   \
`  bcollins@debian.org  --  bcollins@openldap.org  --  bcollins@linux.com  '

Reply to: