On Don, 2006-03-23 at 14:24 -0600, Randy McMurchy wrote: > There has been a couple folks wonder why one would want to install > Pam, but not CrackLib, on a system. So far, the only answers given > don't touch on the the question of why, but instead simply mention > that one has nothing to do with the other. > > I believe everyone will agree that Linux-Pam works without CrackLib, > and CrackLib works without Linux-PAM. However, because there really > is some similarity in functionality (they do much the same thing, one > provides security by means of controlling access to applications,the > other by means of controlling access to the system), I suppose it > has been thought that if one wanted one (Linux-PAM), they would want > the other (CrackLib) as well.
The reason for me to use PAM is not to enhance the system security but to use an abstract and uniform authentication layer that can be used by all applications. When I decide to use LDAP or something else for authentication, I want to configure the authentication layer and nothing else. If I need to make sure that users don't use weak passwords, I install cracklib with the corresponding authentication layer module. Short version: I install PAM on every system to get an uniform authentication system. I install Cracklib to ensure proper security on multi-user systems. HTH, Jürg -- http://linuxfromscratch.org/mailman/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
