bug-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PAM authentication patch - v2


From: Derek Robert Price
Subject: Re: PAM authentication patch - v2
Date: Thu, 17 Apr 2003 12:12:30 -0400
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.2) Gecko/20030208 Netscape/7.02

Larry Jones wrote:

Derek Robert Price writes:
Speaking of committing, if I read the discussion correctly and noone changed their mind without saying so, we're still at +1 developer votes:

I'm fence sitting.  As I see more and more problems with
incompatibilities between various PAM implementations, I'm becomming
more and more sympathetic to Greg's attitude that we shouldn't be in the
authorization business at all.  If you want PAM, use ssh (or rsh if you
must), not pserver.

The truth is, I mostly agree with Greg too. I just feel that as long as we aren't going to remove system password support, we might as well offer some flexability and let each administrator make the final decisions about where the password comes from. I'm looking at PAM as a way of avoiding and offloading onto others most future work in this area. An administrator could be tunnelling the pserver connections over SSL or via SSH or VPN or IPSec or whatever to feel safe enough. As long as we continue to be clear about the security risks, I don't see the harm in allowing others to make their own choices in this area.

As far as incompatibilities are concerned, I think we will see those disappear as PAM use becomes more widespread. Solaris and Linux are both fairly large user bases as far as the UNIX world is concerned.

Regardless, the change would be on the experimental branch. The changes can be removed if it sparks more complaints or bug reports than we can handle.

Derek

--
               *8^)

Email: address@hidden

Get CVS support at <http://ximbiot.com>!
--
I will not grease the monkey bars.
I will not grease the monkey bars.
I will not grease the monkey bars...

         - Bart Simpson on chalkboard, _The Simpsons_







reply via email to

[Prev in Thread] Current Thread [Next in Thread]