Re: How can I remove PAM from my system?
On Mon, Nov 27, 2000 at 06:38:32PM +0200, Eray Ozkural (exa) wrote:
> Ben Collins wrote:
> >
> > a) No you cannot remove it, because login and passwd ultimately use them
> > anyway.
> >
>
> Yes, they use it I know. Then of course login and passwd in Debian are
> not vanilla login/passwd. I recall PAM as being one of the release goals
> for potato (correct me if I'm wrong), so at some point in time every
> major program that has to do password authentication began using it. Hmm.
Most of shadow included PAM support already. The changes I did make are
now upstream, so yes, they are pretty much vanilla.
> > b) Since the default PAM configuration implements "normal" security measures
> > I don't see how you can say you don't "need such security measures".
> > IOW, the same measures would by default be in place with or without
> > PAM. The only way you get more strict measures is by changing the
> > default.
> >
> > So what is it you are really trying to avoid?
>
> My problem is that on potato the behavior wasn't exactly the same for
> me before I upgraded. When I upgraded a lot of default settings came
> in place because I answered yes to all apt-get queries. It's a 32 node
> beowulf cluster and you have to do upgrades like that.
>
> Which ultimately broke our NIS setup.
>
> The fact is that inside the private network of a beowulf system, rlogin
> and rsh don't have to be secure at all. For the master node which connects
> the private net to the outside world it's different; you probably should
> be using ssh etc. to access from Internet. For the slave nodes however,
> that doesn't seem to be necessary. I'd thought about removing pam rather
> than disabling it by automatically editing the config files and having
> to keep track of "upgrade"s.
The pam.d files are considered config files, as such, they will not be
automatically changed on upgrades. You should be safe in doing that.
--
-----------=======-=-======-=========-----------=====------------=-=------
/ Ben Collins -- ...on that fantastic voyage... -- Debian GNU/Linux \
` bcollins@debian.org -- bcollins@openldap.org -- bcollins@linux.com '
`---=========------=======-------------=-=-----=-===-======-------=--=---'
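
The reply's point that pam.d files are config files can be checked per node: dpkg keeps an MD5 for each conffile in the `Conffiles:` field of `/var/lib/dpkg/status`, so a locally edited file shows up as a mismatch. The sketch below is an added example, not part of the original message; the package name `demo-login`, the file contents and the temporary root are constructed for illustration.

```python
import hashlib
import os
import tempfile

def parse_conffiles(status_text):
    """Return (package, path, md5) for every Conffiles entry in dpkg status text."""
    entries, pkg, in_conf = [], None, False
    for line in status_text.splitlines():
        if line.startswith("Package:"):
            pkg, in_conf = line.split(":", 1)[1].strip(), False
        elif line.startswith("Conffiles:"):
            in_conf = True
        elif in_conf and line.startswith(" "):
            parts = line.split()          # " /path md5 [obsolete]"
            if len(parts) >= 2:
                entries.append((pkg, parts[0], parts[1]))
        else:
            in_conf = False
    return entries

def changed_pam_conffiles(status_text, root="/", prefix="/etc/pam.d/"):
    """List conffiles under prefix whose on-disk MD5 differs from dpkg's record."""
    changed = []
    for pkg, path, recorded in parse_conffiles(status_text):
        if not path.startswith(prefix):
            continue
        try:
            with open(os.path.join(root, path.lstrip("/")), "rb") as fh:
                actual = hashlib.md5(fh.read(), usedforsecurity=False).hexdigest()
        except FileNotFoundError:
            changed.append((pkg, path, "missing"))
            continue
        if actual != recorded:
            changed.append((pkg, path, "modified"))
    return changed

def demo():
    """Constructed data: one untouched file, one locally edited file."""
    shipped = {"/etc/pam.d/login": b"auth required pam_unix.so\n",
               "/etc/pam.d/rlogin": b"auth required pam_unix.so\n"}
    status = "Package: demo-login\nStatus: install ok installed\nConffiles:\n"
    for path, data in shipped.items():
        status += " %s %s\n" % (path, hashlib.md5(data, usedforsecurity=False).hexdigest())
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "etc/pam.d"))
        for path, data in shipped.items():
            if path.endswith("rlogin"):   # simulate a local edit on one node
                data = b"# local change\n" + data
            with open(os.path.join(root, path.lstrip("/")), "wb") as fh:
                fh.write(data)
        return changed_pam_conffiles(status, root=root)
```

On a real node, pass the contents of `/var/lib/dpkg/status` and leave `root` at its default; running it before and after an upgrade across the cluster shows which nodes carry local PAM edits.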