On Mon, 23 Aug 1999, Justin Fisher wrote:
> Well sometimes i say things before really thinking, i apologize. but to
> think seriously that pam provides more security to your system .. please!
> security goes WAY WAY WAY beyond your password suite type. I admit that
> yes, if you have an old des non shadowing system that houses many many
> users than yes, you should use another scheme for security reasons. But
> other than that, no, pam doesnt provide any security increase. Yes i did
> say somethings before really reading thoroughly, sorry once again. I
> think we all do sometimes, please dont discredit me because of this.
> Again the table is open for ideas and correct me if you think im in error
>
> Justin Fisher: [EMAIL PROTECTED]
Really read that doc, heres a snipet to get the techies drooling :)
"
The flexibility of Linux-PAM is that you, the system administrator,
have the freedom to stipulate which authentication scheme is to be
used. You have the freedom to set the scheme for any/all PAM-aware
applications on your Linux system. That is, you can authenticate from
anything as naive as simple trust (pam_permit) to something as
paranoid as a combination of a retinal scan, a voice print and a one-
time password!
"
I don't know about anybody else but i'd be damned impressed with "a
combination of a retinal scan, a voice print and a one-
time password!" ;)
> On Mon, 23 Aug 1999, Ken Wilson wrote:
>
> > We'll ignore the fact that you want to insult people who are only trying
> > to help by calling them morons and not get into any name calling
> > ourselves.
> >
> > If you had gone to the two URLS I'd suggested you would have seen that
> > PAM allows you to set your level of security to anything you want. It
> > provides one source to control all your security needs, from
> > zippitty-doo-dah, in which case I want your IP number, to tighter than
> > Fort Knox with a bout of constipation. The idea behind PAM is to give
> > you a one stop configuration for all your security needs rather than
> > having to re-compile everything anytime you change your security
> > methods.
> >
> > As far as deleting it, I don't know how because the thought has never
> > crossed my mind. I prefer to learn to work with my tools rather than
> > just throw them out because I don't understand them quite yet.
> >
> > Ken Wilson
> > First Law of Optimization: The speed of a nonworking program is
> > irrelevant
> > (Steve Heller, 'Efficient C/C++ Programming')
> >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED]]On Behalf Of Justin Fisher
> > > Sent: Monday, August 23, 1999 6:05 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: [newbie] Uninstalling PAM
> > >
> > >
> > >
> > > Absolutely Not. There are substitutes for PAM. How has unix evolved
> > > these 30 some years w/o it? What about shadow and md5? or just shadow
> > > and des? or just plain des for that matter. I dont care if
> > > i dont have a
> > > /etc/shadow file. However, i do not like having a ton of extra system
> > > calls for something that used to be done in one step. Pam is
> > > a waste. It
> > > is not an increase in security by any means. It is simply a
> > > name placed
> > > on something, a buzzword if you will. Slackware linux doesnt have it.
> > > Redhat used to not have it. Many many many distributions
> > > dont have it. I
> > > dont see how you can get off comparing the lack of PAM on
> > > your system to
> > > running a version of the OS produced in Redmond Washington. It is
> > > absurdity. Next time i dont think i will use Mandrake linux
> > > or Redhat or
> > > any other linux 'buzzword' distribution as i am using now -
> > > it is because
> > > of crap like this that i have to put up with. All i want to
> > > know is what
> > > steps do i need to go through in order to rid my system of PAM. Yes i
> > > know that many systems were compiled and linked to its library. Yes i
> > > know that many many packages for mandrake 6 depend on it.
> > > But is there a
> > > package i can download to replace the packages that were compiled and
> > > linked to PAM and replace also the PAM package itself with a standard
> > > password suite.
> > >
> > > If I am wrong in my thinking that PAM is not a security
> > > increase over a
> > > standard shadowed password suite with md5 encrypting please
> > > correct me.
> > > But as I understand it, all PAM does is check to see if the calling
> > > program is 'validated' per say to access the password suite.
> > > This is a
> > > waste.. it should and IS handled all at filesystem level with only
> > > allowing certain users (root) readable and writeable access to certain
> > > files (/etc/shadow). Sure, If you are a complete moron and
> > > make the file
> > > writeable or even readable by a user other than the
> > > superuser.. then you
> > > might need PAM.. otherwise.. its a waste. I hope i made my
> > > point clear.
> > >
> > > Thanks.
> > >
> > >
> > > Justin Fisher: [EMAIL PROTECTED]
> > >
> > > On Mon, 23 Aug 1999, Civileme wrote:
> > >
> > > > Well, what will you substitute?
> > > >
> > > > You can run without authentication those things capable of
> > > running without
> > > > authentication by
> > > > starting
> > > >
> > > > LILO Boot: linux 1
> > > >
> > > > You might want to drag stuff over to runlevel 1 with the
> > > Sys V editor and
> > > > see what will work.
> > > >
> > > > Windows 9x is set up to run with bolt-on authentication,
> > > and it has many
> > > > applications written by Microsoft that *depend* on access
> > > to the core
> > > > operating system. You have seen the results, I imagine. A
> > > new exploit
> > > > every few days, and $7.6 BILLION in the first 6 months of
> > > 1999, attributable
> > > > to the use of those exploits, in business losses. Running
> > > Windows 9x
> > > > connected to the internet is just *begging* to be cracked.
> > > >
> > > > But, just as Office 97 is bound to the Windows Op systems
> > > very tightly, so
> > > > is PAM to Linux. If you have other authentication modules
> > > to substitute,
> > > > the source code is available to hook 'em in in place of
> > > PAM, and I suppose
> > > > you could recompile with PAM excluded as well. Might be a
> > > task of large
> > > > proportions to find and eradicate the whole set of hooks.
> > > >
> > > > And if you did, something like the bliss virus would be far
> > > more capable
> > > > against your system than it is now.
> > > >
> > > > I apologize for the previous boisterous response to your
> > > inquiry, but I
> > > > really want you to know PAM is there for a reason, and is
> > > looked for by many
> > > > services, resources, processes, etc.
> > > >
> > > > So the effect of eliminating PAM would be either that you
> > > are denied access
> > > > to many things completely or that you have little or no
> > > protection from
> > > > .... anyone you might be connected to.
> > > >
> > > > Civileme
> > > >
> > > > Justin Fisher wrote:
> > > >
> > > > > how do i uninstall the PAM package the best way? anyone
> > > ever tried to do
> > > > > this? Anyone a really big fan of pam... i personally
> > > think its a huge
> > > > > waste and i dont like it at all.
> > > > >
> > > > > Justin Fisher: [EMAIL PROTECTED]
> > > >
> > > > --
> > > > visit http://homepages.msn.com/invalid_url ....
> > > > Is Microsoft afraid to pay itself license fees for IIS?
> > > > Sure looks like an Apache (open-source) Signature to me
> > > >
> > > >
> > > >
> > >
> > >
> >
>
>
--
MandrakeSoft http://www.mandrakesoft.com/
--Axalon
