On Tue, 26 Sep 2006 13:04:30 +0900 "Jerome Pinot" <[EMAIL PROTECTED]> babbled:
> On 9/26/06, Michael Jennings <[EMAIL PROTECTED]> wrote: > > On Monday, 25 September 2006, at 14:54:36 (+0900), > > Jerome Pinot wrote: > > > > > That's not only for *BSD, some Linux distro like Slackware doesn't > > > use PAM. > > > > Ah, Slackware... The most advanced Linux technology 1995 has to > > offer. > > I will just suggest you look at what Slackware _really_ provides or > believe your doing some kind of humour. > > BTW, for 1 year, at least thousand of people used E17 with Slackware: > http://sourceforge.net/project/stats/detail.php?group_id=148645&ugn=slacke17&type=prdownload&mode=alltime&package_id=0 > > In several days, Slackware 11.0 and the new SlackE17 will be out. > Almost 50 packages of the very last of E17 cvs code (the one of > tomorrow). > > So I'm not sure running Slackware brings you 10 years ago :-) > > > > Is there any workaround (or a small patch to get back the personal > > > password)? > > > > I would love to hear a justification for not using PAM. > > Here are severals: > > Patrick Volkerding (2003-09-23): > "If you see a security problem reported which depends on PAM, you can > be glad you run Slackware. I think a better name for PAM might be > SCAM, for Swiss Cheese Authentication Modules, and have never felt > that the small amount of convenience it provides is worth the great > loss of system security. We miss out on half a dozen security problems > a year by not using PAM, but you can always install it yourself if you > feel that you're missing out on the fun. (No, don't do that.) OK, I'm > done ranting here. :-)" > > Look at this: > http://search.cert.org/query.html?col=certadv&col=incnotes&col=vulnotes&qt=pam&charset=iso-8859-1 > > Some technical informations about why OpenBSD guys don't use PAM: > http://mail-index.netbsd.org/tech-userlevel/2001/06/26/0000.html > > IMHO, PAM is a complex security system, so if you don't require it > (and most of the time, you can use an other way), you should not use > it. > > To be honest, desklock is not a major feature of E17, but it could be > good to have a portable way of using it. PAM should not be require or > you put aside from this feature not so few people. Moreover, PAM > doesn't seems to be implemented the same way everywhere. > > > A patch to reinstate the personal password might be accepted so long > > as it correctly employed UNIX permissions to keep the password > > private. > > OK. well unfortunate then for openbsd and slackware users. pam is the only widely available abstraction for authenticating users & their passwords. passwords in shadow files using unknown hashing/encryption, only accessible by root basically make it all hell without something like pam. well i guess by choosing your distribution you choose to not have such features. your choice. -- ------------- Codito, ergo sum - "I code, therefore I am" -------------- The Rasterman (Carsten Haitzler) [EMAIL PROTECTED] 裸好多 Tokyo, Japan (東京 日本) ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ enlightenment-users mailing list enlightenment-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/enlightenment-users