Re: How can I remove PAM from my system?

To: "Eray Ozkural \(exa\)" <erayo@cs.bilkent.edu.tr>
Cc: Ben Collins <bcollins@debian.org>, Debian Developers List <debian-devel@lists.debian.org>
Subject: Re: How can I remove PAM from my system?
From: Ben Collins <bcollins@debian.org>
Date: Mon, 27 Nov 2000 13:19:17 -0500
Message-id: <[🔎] 20001127131917.V3597@visi.net>
In-reply-to: <[🔎] 3A228E08.6BA7C2E3@cs.bilkent.edu.tr>; from erayo@cs.bilkent.edu.tr on Mon, Nov 27, 2000 at 06:38:32PM +0200
References: <[🔎] 3A226078.1315CB7E@cs.bilkent.edu.tr> <[🔎] 20001127092031.F3597@visi.net> <[🔎] 3A228E08.6BA7C2E3@cs.bilkent.edu.tr>

On Mon, Nov 27, 2000 at 06:38:32PM +0200, Eray Ozkural (exa) wrote:
> Ben Collins wrote:
> > 
> > a) No you cannot remove it, because login and passwd ultimately use them
> >    anyway.
> > 
> 
> Yes, they use it I know. Then of course login and passwd in Debian are
> not vanilla login/passwd. I recall PAM as being one of the release goals
> for potato (correct me if I'm wrong), so at some point in time every
> major program that has to do password authentication began using it. Hmm.

Most of shadow included PAM support already. The changed I did make are
now upstream, so yes, they are pretty much vanilla.

> > b) Since the default PAM configuration implements "normal" security measures
> >    I don't see how you can say you don't "need such security measures".
> >    IOW, the same measures would by default be in place with out without
> >    PAM. The only way you get more strict measures is by changing the
> >    default.
> > 
> > So what is it you are really trying to avoid?
> 
> My problem is that on potato the behavior wasn't exactly the same for
> me before I upgraded. When I upgraded a lot of default settings came
> in place because I answered yes to all apt-get queries. It's a 32 node
> beowulf cluster and you have to do upgrades like that.
> 
> Which ultimately broke our NIS setup.
> 
> The fact is that inside the private network of a beowulf system, rlogin
> and rsh doesn't have to be secure at all. For the master node which connects
> the private net to the outside world it's different; you probably should
> be using ssh etc. to access from Internet. For the slave nodes however,
> that doesn't seem to be necessary. I'd thought about removing pam rather
> than disabling it by automatically editing the config files and having
> to keep track of "upgrade"s.

The pam.d files are considered config files, as such, they will not be
automicatically changed on upgrades. You should be safe in doing that.

-- 
 -----------=======-=-======-=========-----------=====------------=-=------
/  Ben Collins  --  ...on that fantastic voyage...  --  Debian GNU/Linux   \
`  bcollins@debian.org  --  bcollins@openldap.org  --  bcollins@linux.com  '
 `---=========------=======-------------=-=-----=-===-======-------=--=---'

Reply to:

Follow-Ups:
- Re: How can I remove PAM from my system?
  - From: "Eray Ozkural \(exa\)" <erayo@cs.bilkent.edu.tr>

References:
- How can I remove PAM from my system?
  - From: "Eray Ozkural \(exa\)" <erayo@cs.bilkent.edu.tr>
- Re: How can I remove PAM from my system?
  - From: Ben Collins <bcollins@debian.org>
- Re: How can I remove PAM from my system?
  - From: "Eray Ozkural \(exa\)" <erayo@cs.bilkent.edu.tr>

Prev by Date: yesterday upgrading
Next by Date: Re: whatis parse failed?
Previous by thread: Re: How can I remove PAM from my system?
Next by thread: Re: How can I remove PAM from my system?
Index(es):
- Date
- Thread