On Sun, Jun 25, 2006 at 08:21:10PM -0500, Teresa and Dale wrote
> Walter Dnes wrote:
> 
> >  I did that quite some time ago... back when I dumped PAM entirely<g>.
> 
> How's that work?  What do you use for login and such?

  Just like everybody else is doing now, I unmerged pam-login and
emerged shadow.  shadow has always been able to handle logins on its
own.  I also set "-pam" in USE, and emerged deep and newuse to rebuild
all the apps that had built with linkages to pam libs.  For good
measure, I manually masked out pam libs back then.

> Is it more secure or just different?

  Running without pam is arguably slightly less secure... if you're
running a server that has multiple users logging in to the shell.  For a
home user like me who is the only person logging on to their machine,
pam is major overkill.  I personally feel that pam should be an option
in the same way as NSA SELinux.  It's more secure, but it's also more
work.

  And, yes, running without pam is different.  I had used linux for 4
years (Redhat, Debian, and CRUX) before switching to Gentoo, and had
never used pam.  I ran into a lot of situations with services... "You
set up the access permissions in *WHAT* file?", at times bordering on
the Firesign Theatre album title "Everything You Know Is Wrong".

  I was used to running without pam, and running with pam was an extra
learning curve, on top of the Gentoo learning curve.  If you're
comfortable with pam, by all means stay with it.  You'd probably have to
re-learn how to configure your services to dump pam, just like I had to
re-learn how to configure my services to use pam.  Whatever you're
comfortable with.

-- 
Walter Dnes <[EMAIL PROTECTED]> In linux /sbin/init is Job #1
My musings on technology and security at http://tech_sec.blog.ca
-- 
gentoo-user@gentoo.org mailing list
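
The message above mentions rebuilding every application that had been built with linkages to the PAM libraries. As an added example (not part of the original message), this script checks whether any installed binary still lists a PAM library as a dynamic dependency; it assumes binutils `readelf` is installed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: list files that still depend on a PAM shared library.
# Assumes binutils `readelf`; function names are hypothetical.

# needs_pam: reads `readelf -d` output on stdin and succeeds when a
# NEEDED entry names libpam, libpam_misc or libpamc.
needs_pam() {
    grep -Eq '\(NEEDED\).*\[libpam(_misc|c)?\.so[.0-9]*\]'
}

# scan_dirs: prints each regular file under the given directories whose
# dynamic section requires a PAM library. Non-ELF files make readelf
# fail; its errors are discarded and the file is skipped.
scan_dirs() {
    find "$@" -type f 2>/dev/null | while IFS= read -r f; do
        if readelf -d "$f" 2>/dev/null | needs_pam; then
            printf '%s\n' "$f"
        fi
    done
}

# Run a scan only when directories are given on the command line, e.g.
#   sh pamscan.sh /bin /sbin /usr/bin /usr/sbin /usr/lib
if [ "$#" -gt 0 ]; then
    scan_dirs "$@"
fi
```

Any path it prints belongs to a package that was built with PAM support.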
