On Fri, Jun 23, 2006 at 10:16:26AM +0200, martin f krafft wrote: > also sprach Derek Martin <code@pizzashack.org> [2006.06.23.0454 +0200]: > > My conclusion is that it seems from a security standpoint, and > > from an ease-of-administration standpoint, pam_console is the > > clear winner over both of the other proposed solutions. So yes, > > when I said pam_console was "nice", I meant it, and I stand by > > that. Have I missed something in my analysis? If I have, I would > > certainly like to learn what it is. > > Go ahead then and use it. But please do not make statements about > Debian not meeting the requirements of seasoned Unix admins such as > yourself. Why should I not make such statements? If Debian is not meeting the needs of people who want to use it, why should the Debian community not strive to meet those needs? Is the Debian community not open to change for the better? Are its developers not open-minded enough to consider that a solution they previously dismissed might not actually better than the one(s) they've proposed? I certainly hope that's not the case. > We, as in Debian, are going one path with our system, and > while someone might well like to deviate, one thing you cannot say > is that we don't reason with every step we take. I never said you didn't... but can you provide a logical reason for discluding support for pam_console? Can you find any fault with my analysis? You may not personally like pam_console, but it appears to be technically superior to all of the debian-supported solutions to the problem of how to provide access to system resources to workstation users -- a problem which lots of sysadmins must wrestle with. So what logical reason is there not to include it? Does Debian not strive to be the best distribution it can be, meeting the needs of as many users as it can? I'm not asking these questions rhetorically, I'm quite serious. And if you have a logical technical argument against pam_console, I'd still like to hear it. > > Based on the above analysis, I rather strongly disagree. In every > > way, pam_console seems up to the challenge, though it needs the > > enhancement I mentioned regarding killing user processes before it > > is truly ready. > > Doesn't sound like a solution I'd want on my machines. Fine. But, why? I don't think "...because I don't like it" is a very reasoned or sensible justification, but that seems to be the only justification you are willing to offer. This is starting to seem an awful lot to me like unreasoned anti-RedHat prejudice getting in the way of providing solid technical solutions to real problems faced by real users every day... -- Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0x81CFE75D
Attachment:
pgp7bwtt3JBbd.pgp
Description: PGP signature