On Sat, Nov 19, 2005 at 06:51:36AM -0600, John Jolet wrote
> On Nov 19, 2005, at 12:39 AM, Alexander Skwar wrote:
> >What do you need PAM for, when there's basically just one
> >(human) user on the system and the system acts as a "consumer"
> >(ie. no servers)? Why add the complexity of PAM? Where's
> >the gain - in *THAT* scenario?
>
> I'm not sure about you, but I can think of MANY times over my career
> when I set up a box "to do just one thing" or "for just one person"
> and down the road all of a sudden, I needed another thing or another
> person. Retrofitting pam onto a running, configured system is not
> something I'd care to attempt. Having pam on from the beginning,
> if you don't fiddle with the defaults, poses no extra complexity.
> But then, I'm a belt and suspenders man.

This is my personal home machine. I'm the only user on it. I do not run publicly visible servers. I've set iptables to block incoming connections, excepting a small hole for my backup machine (6-year-old Dell) so I can ssh/scp backups back and forth. I've also set my ADSL modem/router to block *ALL* incoming connections, and *ALL* external inbound traffic to ports 0..1023. My ISP allows externally visible servers, but I haven't bothered to do so.

It's also conventional wisdom that you do *NOT* mix server apps and a standard desktop on the same machine. If I ever do decide to run a publicly-visible server, I'll get a used machine and run it on that, and configure that machine from the ground up as a server. There are still 2 free ethernet ports on the back of my ADSL router/modem.

--
Walter Dnes <[EMAIL PROTECTED]> In linux /sbin/init is Job #1
My musings on technology and security at http://tech_sec.blog.ca
--
gentoo-user@gentoo.org mailing list