* Jeroen Dekkers
[...] | The Hurd has more security features than Linux has. I have never seen | a password server for Linux for example. I am not 100% sure what you mean by password server but from the short description I have seen of it, kerberos does much of the same thing: give out an authentication token after being given a password. You also have stuff like RADIUS and partially NIS. Also, PAM is usually used for authentication which can use anything as the backend, including authenticating against stuff like Samba servers. [...] | It would have been better if you have a port 80 cabability and could | give that to apache. Then apache could be running without uids. Take a look at authbind. [...] | > Anyway. The Hurd needs some basic firewalling tools. | | If you really insist on those firewalling things we can make a deal, | if you eliminate all suid binaries for Debian GNU/Linux I make sure | that the Hurd has firewalling functionality like netfiler. And I'm | even friendly for you now, I could've asked you to make all daemons | runs without uids by default. :-) There is no such concept as without uid, at least in Linux. (And I wonder how you would do stuff like su without having su SUID root or having the CAP_CHANGEUID (or whatever it's called) capability.) Sure, you can get rid of SUID executables -- just switch to capabilities instead. Except that I don't think the file system supports saving them atm (so you would get SCAP instead of SUID). -- Tollef Fog Heen ,''`. UNIX is user friendly, it's just picky about who its friends are : :' : `. `' `- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]