Found here: https://forums.gentoo.org/viewtopic-p-7488190.html#7488190
>> jonathan183 wrote: >> >> My understanding is pam is for user authentication ... > mv wrote: > > Yes, it is. However pam's /etc/security/... is a little bit more fine-grained > than /etc/limits.conf; the case of negative maximal niceness just discussed > is only one of several minor differences; a default niceness is another one; > the possibility to avoid things like suxs or sudox to pass X authorization is > yet another extension which you get only with pam; also some screenlockers > have decided to rely only on pam and not any "manual" authentification > method. So in some cases, pam really has advantages. > On the other hand, all these conveniences come at the price of introducing an > already rather complex layer. > If you play this game to the extreme, you end up with polkit: Convenience > everywhere, but due to the complexity you can almost expect that your system > is vulnerable. Only running everything directly as root is even more > convenient and only slightly less secure :) I do remember using sux for using gui apps with root. I forgot it's thanks to pam that sudo works as expected now. -- Emanuele Rusconi -- http://lists.linuxfromscratch.org/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
