On 11/19/08 06:24, Jyri Virkki wrote:
> James Carlson wrote:
>>
>> I agree that using PAM is a bit architecturally suspicious, as we're
>> not authenticating users for the purpose of logging them into the
>> system, but it has operational advantages, including:
>
> For some historical trivia, PSARC/2002/053 for iPlanet Application
> Server 7 required the app server to add a module to support
> authentication via PAM. So that use case has been not only accepted
> but actually required by ARC in the past.
Personally, I wasn't worried that PAM was used to authenticate users; after all, it is a perfect (well, perfect... :) ) way to modularize access control policies. What I was surprised about is that PAM was being used to authenticate users against the normal system repositories, i.e. the ones containing actual system-login credentials.

Personally, I'm not too fond of internet-facing systems that process all sorts of untrusted data having access to login credentials. As Jim pointed out, there is a maintenance gain compared to setting up and maintaining separate databases, but from where I'm standing that doesn't compensate for the increased security risk.

All of this is not relevant to the case at hand though, as the model has been decided on by the upstream developers.

Joep
