Re: [gentoo-user] root password gremlin

Holly Bostick Sun, 20 Nov 2005 05:57:23 -0800

Arturo 'Buanzo' Busleiman schreef:
> Alexander Skwar wrote:
> 
>>> /etc/passwd like on HP-UX 11.00. Ie. no /etc/shadow.
> 
> 
> /etc/shadow was provided by an additional package and libraries. Just
> like PAM. Shadow changed from being a security measure to be an auth
> storage backend. As a storage backend, it needs libraries to access
> it. That's where PAM enters.
>


No, that's where PAM *can* enter, but it *need* not--

eix shadow
* sys-apps/shadow
     Available versions:  4.0.4.1-r4 4.0.5-r2 4.0.5-r3 ~4.0.6-r1 ~4.0.7
~4.0.7-r1 4.0.7-r3 4.0.7-r4 ~4.0.11.1-r1 ~4.0.11.1-r2 ~4.0.12 ~4.0.13
     Installed:           4.0.7-r4
     Homepage:            http://shadow.pld.org.pl/
     Description:         Utilities to deal with user accounts


 eix pam
* app-vim/pam-syntax
     Available versions:  20030818
     Installed:           none
     Homepage:
http://www.vim.org/scripts/script.php?script_id=735
     Description:         vim plugin: PAM configuration syntax highlighting

* dev-perl/Authen-PAM
     Available versions:  0.14 ~0.16
     Installed:           none
     Homepage:            http://www.cs.kuleuven.ac.be/~pelov/pam/
     Description:         Interface to PAM library

* kde-base/kdebase-pam
     Available versions:  4 5 6
     Installed:           none
     Homepage:            http://www.kde.org
     Description:         pam.d files used by several KDE components.

* net-mail/checkpassword-pam
     Available versions:  0.97 0.99
     Installed:           none
     Homepage:            http://checkpasswd-pam.sourceforge.net/
     Description:         checkpassword-compatible authentication
program w/pam support

* net-www/mod_auth_pam
     Available versions:  1.1.1 ~1.1.1-r1
     Installed:           none
     Homepage:            http://pam.sourceforge.net/mod_auth_pam/
     Description:         PAM authentication module for Apache2

* sys-apps/pam-login
     Available versions:  3.14 3.17 ~4.0.11.1-r2 ~4.0.12
     Installed:           none
     Homepage:            http://www.thkukuk.de/pam/pam_login/
     Description:         Based on the sources from util-linux, with
added pam and shadow features

* sys-auth/pam_ldap
     Available versions:  156 ~161 ~164 ~167 171 176 176-r1 ~178 178-r1 180
     Installed:           none
     Homepage:            http://www.padl.com/OSS/pam_ldap.html
     Description:         PAM LDAP Module

* sys-auth/pam_ssh_agent
     Available versions:  ~0.1 0.2 ~0.2-r1
     Installed:           none
     Homepage:            http://pam-ssh-agent.sourceforge.net/
     Description:         PAM module that spawns a ssh-agent and adds
identities using the password supplied at login

* sys-auth/pam_usb
     Available versions:  0.3.1 0.3.2
     Installed:           none
     Homepage:            http://www.pamusb.org/
     Description:         A PAM module that enables authentication using
an USB-Storage device (such as an USB Pen) through DSA private/public keys.

* sys-auth/pam_smb
     Available versions:  1.9.9-r1 2.0.0_rc5 ~2.0.0_rc6
     Installed:           none
     Homepage:            http://www.csn.ul.ie/~airlied/pam_smb/
     Description:         The PAM SMB module, which allows
authentication against an NT server.

* sys-auth/pam_ssh
     Available versions:  1.9 1.91 ~1.91-r1
     Installed:           none
     Homepage:            http://pam-ssh.sourceforge.net/
     Description:         Uses ssh-agent to provide single sign-on

* sys-auth/pam_dotfile
     Available versions:  0.7 ~0.7-r1
     Installed:           none
     Homepage:
http://www.stud.uni-hamburg.de/users/lennart/projects/pam_dotfile/
     Description:         pam module to allow password-storing in
$HOME/dotfiles

* sys-auth/pam_passwdqc
     Available versions:  0.7.5 ~1.0.2
     Installed:           none
     Homepage:            http://www.openwall.com/passwdqc/
     Description:         Password strength checking for PAM aware
password changing programs

* sys-auth/pam_mysql
     Available versions:  ~0.4.7 0.5 ~0.6.0
     Installed:           none
     Homepage:            http://pam-mysql.sourceforge.net/
     Description:         pam_mysql is a module for pam to authenticate
users with mysql

* sys-auth/pam_krb5
     Available versions:  1.0 1.0-r1 ~20030601 ~20030601-r1
     Installed:           none
     Homepage:            http://www.fcusack.com/
     Description:         Pam module for MIT Kerberos V

* sys-auth/pam_pwdfile
     Available versions:  ~0.99
     Installed:           none
     Homepage:            http://cpbotha.net/pam_pwdfile.html
     Description:         PAM module for authenticating against
passwd-like files.

* sys-auth/pam_require
     Available versions:  ~0.6
     Installed:           none
     Homepage:
http://www.splitbrain.org/Programming/C/pam_require/
     Description:         Allows you to require a special group or user
to access a service.

* sys-libs/pam
     Available versions:  0.77-r6 ~0.77-r8 0.78-r2 0.78-r3
     Installed:           none
     Homepage:            http://www.kernel.org/pub/linux/libs/pam/
     Description:         Based on the multilib eclass


 equery hasuse pam
[ Searching for USE flag pam in all categories among: ]
 * installed packages
[I--] [  ] app-admin/sudo-1.6.8_p9-r2 (0)
[I--] [  ] app-misc/mc-4.6.0-r14 (0)
[I--] [  ] app-misc/screen-4.0.2-r4 (0)
[I--] [  ] dev-libs/cyrus-sasl-2.1.20 (2)
[I--] [  ] dev-util/cvs-1.12.12-r2 (0)
[I--] [  ] gnome-base/gdm-2.8.0.5 (0)
[I--] [  ] net-fs/samba-3.0.20b (0)
[I--] [  ] net-mail/mailbase-1 (0)
[I--] [  ] net-misc/openssh-4.2_p1 (0)
[I--] [  ] net-print/cups-1.1.23-r1 (0)
[I--] [  ] net-proxy/dante-1.1.18 (0)
[I--] [  ] sys-apps/shadow-4.0.7-r4 (0)
[I--] [  ] sys-apps/util-linux-2.12r (0)
[I--] [  ] sys-process/fcron-3.0.0 (0)
[I--] [  ] x11-base/xorg-x11-6.8.99.15-r4 (0)

 emerge -pv app-admin/sudo mc cyrus-sasl gdm samba mailbase cups dante
shadow util-linux fcron xorg-x11

These are the packages that I would merge, in order:

Calculating dependencies ...done!
[ebuild   R   ] app-admin/sudo-1.6.8_p9-r2  +ldap +offensive -pam
(-selinux) -skey 0 kB
[ebuild   R   ] app-misc/mc-4.6.0-r14  +7zip -X +gpm +ncurses +nls -pam
-samba +slang +unicode 0 kB
[ebuild   R   ] dev-libs/cyrus-sasl-2.1.20  -authdaemond -berkdb +gdbm
+java -kerberos +ldap -mysql -pam -postgres +ssl -static 1,733 kB
[ebuild   R   ] gnome-base/gdm-2.8.0.5  -debug -ipv6 -pam (-selinux)
+tcpd -xinerama 0 kB
[ebuild   R   ] net-fs/samba-3.0.20b  -acl +async +automount +cups -doc
-examples -kerberos +ldap -ldapsam +libclamav -mysql +oav -pam -postgres
+python -quotas +readline (-selinux) -swat -syslog -winbind +xml +xml2 16 kB
[ebuild   R   ] net-mail/mailbase-1  -pam 0 kB
[ebuild   R   ] net-print/cups-1.1.23-r1  +nls -pam +samba -slp +ssl
8,501 kB
[ebuild   R   ] net-proxy/dante-1.1.18  -debug -pam (-selinux) +tcpd 0 kB
[ebuild   R   ] sys-apps/shadow-4.0.7-r4  +nls -nousuid -pam (-selinux)
-skey 0 kB
[ebuild   R   ] sys-apps/util-linux-2.12r  +crypt +nls -old-crypt -pam
+perl (-selinux) -static 0 kB
[ebuild   R   ] sys-process/fcron-3.0.0  -debug +doc -pam (-selinux) 0 kB
[ebuild   R   ] x11-base/xorg-x11-6.8.99.15-r4  -3dfx +bitmap-fonts -cjk
-debug -doc +font-server +insecure-drivers -ipv6 -minimal +nls -nocxx
+opengl -pam -sdk -static +truetype-fonts +type1-fonts (-uclibc) +xprint
+xv 0 kB

Total size of downloads: 10,251 kB

As you see, all the relevant programs that *can* use PAM (which is
*optional*) do *not* do so on my system. I do not need PAM
authentication, and I do not use PAM authentication. As far as I know,
my system runs fine (or at least has no PAM-related issues).

What more is there to say?

Holly
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] root password gremlin

Reply via email to