On Sat, Dec 19, 2020 at 09:19:33PM -0500, John Covici wrote

> OK, pardon my ignorance, what is wrong with pam?  Aside from the fact
> that when you change versions you have to reboot or restart just about
> everything.

  It's obscure/different.  That's important, because if you need to
tweak a regular config file or fix something broken, the first reaction
is to "ask Mr. Google".  And you'll almost always get the non-pam
answer.  In my early days with Gentoo I left the default at pam.  But I
soon got sick and tired of "implementing configs" I found on Google,
only to find they didn't work.  The URL I pointed to gives one such
example, sudoers.  So I simply switched away from pam.

  pam is one example of the corporate take-over of Linux.  According to
https://subscription.packtpub.com/book/networking_and_servers/9781904811329/1/ch01lvl1sec06/history-of-pam
pam was released in 1997, by Sun Microsystems, who were a big player in
the corporate Unix space at that time.  The rationale... it scales
better... 
https://subscription.packtpub.com/book/networking_and_servers/9781904811329/1/ch01lvl1sec08/need-for-pam

> Furthermore, the password file does not scale. It might work with
> 100 users, but working with 5000 users is a completely different
> story. PAM can easily scale to tens of thousands depending on the
> chosen back end; changing the back end user database, for example,
> from a flat file to an LDAP server will be painful if you are not
> using PAM.

  I've got 3 users on my machine; root; me; and a
general-screwing-around-and-testing user.  All of them are actually me.
pam assumes that some of the 5,000 users at corporate HQ are malicious
actors, trying to break into other users' accounts.  Ditto for systemd.
I've got a NAT-ing router and a "Paranoia Plus" iptables ruleset.  So
far, that's been sufficient for me.  And don't get me started on the
corporatization of IPv6.

-- 
Walter Dnes <waltd...@waltdnes.org>
I don't run "desktop environments"; I run useful applications
