On Mon, 23 Aug 1999, Justin Fisher wrote:
>
> Absolutely Not. There are substitutes for PAM. How has Unix evolved
> these 30 some years w/o it? What about shadow and md5? or just shadow
> and des? or just plain des for that matter. I don't care if I don't have a
> /etc/shadow file. However, I do not like having a ton of extra system
> calls for something that used to be done in one step. PAM is a waste. It
> is not an increase in security by any means. It is simply a name placed
> on something, a buzzword if you will. Slackware Linux doesn't have it.
> Redhat used to not have it. Many many many distributions don't have it. I
> don't see how you can get off comparing the lack of PAM on your system to
> running a version of the OS produced in Redmond Washington. It is
> absurdity. Next time I don't think I will use Mandrake Linux or Redhat or
> any other Linux 'buzzword' distribution as I am using now - it is because
> of crap like this that I have to put up with. All I want to know is what
> steps do I need to go through in order to rid my system of PAM. Yes I
> know that many systems were compiled and linked to its library. Yes I
> know that many many packages for Mandrake 6 depend on it. But is there a
> package I can download to replace the packages that were compiled and
> linked to PAM and replace also the PAM package itself with a standard
> password suite.
>
> If I am wrong in my thinking that PAM is not a security increase over a
> standard shadowed password suite with md5 encrypting please correct me.
> But as I understand it, all PAM does is check to see if the calling
> program is 'validated' per se to access the password suite. This is a
> waste.. it should and IS handled all at filesystem level with only
> allowing certain users (root) readable and writeable access to certain
> files (/etc/shadow). Sure, if you are a complete moron and make the file
> writeable or even readable by a user other than the superuser.. then you
> might need PAM.. otherwise.. it's a waste. I hope I made my point clear.
>
> Thanks.
Maybe a good starting place would be /usr/doc/pam-0.66/txts/pam.txt
> Justin Fisher: [EMAIL PROTECTED]
>
> On Mon, 23 Aug 1999, Civileme wrote:
>
> > Well, what will you substitute?
> >
> > You can run without authentication those things capable of running without
> > authentication by starting
> >
> > LILO Boot: linux 1
> >
> > You might want to drag stuff over to runlevel 1 with the Sys V editor and
> > see what will work.
> >
> > Windows 9x is set up to run with bolt-on authentication, and it has many
> > applications written by Microsoft that *depend* on access to the core
> > operating system. You have seen the results, I imagine. A new exploit
> > every few days, and $7.6 BILLION in the first 6 months of 1999, attributable
> > to the use of those exploits, in business losses. Running Windows 9x
> > connected to the internet is just *begging* to be cracked.
> >
> > But, just as Office 97 is bound to the Windows Op systems very tightly, so
> > is PAM to Linux. If you have other authentication modules to substitute,
> > the source code is available to hook 'em in in place of PAM, and I suppose
> > you could recompile with PAM excluded as well. Might be a task of large
> > proportions to find and eradicate the whole set of hooks.
> >
> > And if you did, something like the bliss virus would be far more capable
> > against your system than it is now.
> >
> > I apologize for the previous boisterous response to your inquiry, but I
> > really want you to know PAM is there for a reason, and is looked for by many
> > services, resources, processes, etc.
> >
> > So the effect of eliminating PAM would be either that you are denied access
> > to many things completely or that you have little or no protection from
> > .... anyone you might be connected to.
> >
> > Civileme
> >
> > Justin Fisher wrote:
> >
> > > How do I uninstall the PAM package the best way? Anyone ever tried to do
> > > this? Anyone a really big fan of PAM... I personally think it's a huge
> > > waste and I don't like it at all.
> > >
> > > Justin Fisher: [EMAIL PROTECTED]
> >
> > --
> > visit http://homepages.msn.com/invalid_url ....
> > Is Microsoft afraid to pay itself license fees for IIS?
> > Sure looks like an Apache (open-source) Signature to me
> >