Re: How can I remove PAM from my system?
Ben Collins wrote:
>
> a) No you cannot remove it, because login and passwd ultimately use them
> anyway.
>
Yes, they use it I know. Then of course login and passwd in Debian are
not vanilla login/passwd. I recall PAM as being one of the release goals
for potato (correct me if I'm wrong), so at some point in time every
major program that has to do password authentication began using it. Hmm.
> b) Since the default PAM configuration implements "normal" security measures
> I don't see how you can say you don't "need such security measures".
> IOW, the same measures would by default be in place with out without
> PAM. The only way you get more strict measures is by changing the
> default.
>
> So what is it you are really trying to avoid?
My problem is that on potato the behavior wasn't exactly the same for
me before I upgraded. When I upgraded a lot of default settings came
in place because I answered yes to all apt-get queries. It's a 32 node
beowulf cluster and you have to do upgrades like that.
Which ultimately broke our NIS setup.
The fact is that inside the private network of a beowulf system, rlogin
and rsh doesn't have to be secure at all. For the master node which connects
the private net to the outside world it's different; you probably should
be using ssh etc. to access from Internet. For the slave nodes however,
that doesn't seem to be necessary. I'd thought about removing pam rather
than disabling it by automatically editing the config files and having
to keep track of "upgrade"s.
Thanks for your attention,
--
Eray (exa) Ozkural
Comp. Sci. Dept., Bilkent University, Ankara
e-mail: erayo@cs.bilkent.edu.tr
www: http://www.cs.bilkent.edu.tr/~erayo
Reply to: