On Don, 2006-03-23 at 14:24 -0600, Randy McMurchy wrote:
> There has been a couple folks wonder why one would want to install
> Pam, but not CrackLib, on a system. So far, the only answers given
> don't touch on the the question of why, but instead simply mention
> that one has nothing to do with the other.
> 
> I believe everyone will agree that Linux-Pam works without CrackLib,
> and CrackLib works without Linux-PAM. However, because there really
> is some similarity in functionality (they do much the same thing, one
> provides security by means of controlling access to applications,the
> other by means of controlling access to the system), I suppose it
> has been thought that if one wanted one (Linux-PAM), they would want
> the other (CrackLib) as well.

The reason for me to use PAM is not to enhance the system security but
to use an abstract and uniform authentication layer that can be used by
all applications. When I decide to use LDAP or something else for
authentication, I want to configure the authentication layer and nothing
else. If I need to make sure that users don't use weak passwords, I
install cracklib with the corresponding authentication layer module.

Short version: I install PAM on every system to get an uniform
authentication system. I install Cracklib to ensure proper security on
multi-user systems.

HTH,

Jürg

--
http://linuxfromscratch.org/mailman/listinfo/blfs-dev
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Reply via email to