Re: [gentoo-user] root password gremlin
On Tuesday 22 Nov 2005 4:23 am, Holly Bostick wrote: Just because you have a lot of packages installed that have the pam USE flag doesn't mean that much-- is the flag actually enabled for those packages? If so, and your system is not having any issues, I wouldn't necessarily become hysterical just yet. I did a emerge -pv for all those packages and looks like all of them are actually using PAM. What I am thinking now is to mask any accidental update of PAM in package.mask and hope that it doesn't get messed up just_like_that. Thanks for the help. Abhay pgp5aLM3bYUFH.pgp Description: PGP signature
Re: [gentoo-user] root password gremlin
On Sunday 20 Nov 2005 7:16 pm, Holly Bostick wrote: equery hasuse pam Wow!!! I performed that thing on my system and the stupid PAM is everywhere (I am scared as shit after reading this thread). What would be the easiest way to get rid of PAM from a single user desktop system working smoothly? Would a -pam in make.conf and emerge -uDN world suffice? Abhay pgp0Pf8QelaPl.pgp Description: PGP signature
Re: [gentoo-user] root password gremlin
Abhay Kedia schreef: On Sunday 20 Nov 2005 7:16 pm, Holly Bostick wrote: equery hasuse pam Wow!!! I performed that thing on my system and the stupid PAM is everywhere (I am scared as shit after reading this thread). What would be the easiest way to get rid of PAM from a single user desktop system working smoothly? Would a -pam in make.conf and emerge -uDN world suffice? Abhay Just because you have a lot of packages installed that have the pam USE flag doesn't mean that much-- is the flag actually enabled for those packages? If so, and your system is not having any issues, I wouldn't necessarily become hysterical just yet. But if you really are concerned, and want to remove it, you might consider the following wiki entry, and then think about it before making a decision: http://www.gentoo-wiki.com/HOWTO_Remove_PAM HTH, Holly -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] root password gremlin
John Jolet schrieb: On Nov 19, 2005, at 12:39 AM, Alexander Skwar wrote: Patrick McLean schrieb: Running a system withoug pam is a rather strange thing to do on a modern Linux system, and I can think of very few reasons to do it. What do you need PAM for, when there's basically just one (human) user on the system and the system acts as a consumer (ie. no servers)? Why add the complexity of PAM? Where's the gain - in *THAT* scenario? I'm not sure about you, but I can think of MANY times over my career when I set up a box to do just one thing or for just one person and down the road all of a sudden, I needed another thing or another person. Fine. That's a different scenario. Please stick to the scenario I mentioned. Retrofitting pam onto a running, configured system is not something I'd care to attempt. Having pam on from the beginning, if you don't fiddle with the defaults, poses no extra complexity. And what do you gain by using PAM? Again: Stick to the scenario I mentioned. I think, that it is not an unusual scenario - I tend to think, that it'll fit most home users and also most desktop machines in a *SMALL* office enviroment. Alexander Skwar -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] root password gremlin
Arturo 'Buanzo' Busleiman schrieb: Alexander Skwar wrote: What do you need PAM for, when there's basically just one (human) user on the system and the system acts as a consumer (ie. no servers)? Why add the complexity of PAM? Where's the gain - in *THAT* scenario? Learning. The whole point of using free, open source software. if you do not want to get messy, then use windows. Anyway, if this user chosed all of his use flags, then he is probably willing to LEARN. What kind of nonsense is that? I suppose, that you'd find it appropriate to use LDAP for a 1 user machine? Sorry, but that's absolute bullshit. Furhter, especially on Windows, there are *WAY* too many things to get messy with. Alexander Skwar -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] root password gremlin
Arturo 'Buanzo' Busleiman schrieb:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
abhay wrote:
What? What kind of theory is that?
Sorry, I didn't explain myself clearly. I didn't mean to say that use
gnu/linux/oss for the
purpose of learning. However you can't argue that one gets to learn a lot
from simply using it.
So, to clarify:
Learning is the answer to the question,
No it's not. The answer to the question: Why DON'T refrain from
using unneeded software and systems? is NOT: Learning.
The answer is: Do refrain fromusing systems that you don't need.
And for the majority of systems, this would include PAM. Eg.
if it's sufficient to use /etc/{passwd,shadow} as a password/user
database, then there's just no reason to use another (in this
case clearly: useless) layer on top of that. It just adds
unneeded and unwanted complexity for no gain.
So: Why use PAM on systems that fit to the scenario I laid
out?
Alexander Skwar
--
gentoo-user@gentoo.org mailing list
Re: [gentoo-user] root password gremlin
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Holly Bostick wrote: So no, I do wish I could agree with you (it would certainly be a more comfortable environment for me than what we actually have in terms of geek-friendliness), but I just cannot. You are probably right... :P - 12 years of floss made me believe otherwise, specially where I live, Argentina, where it seems that even the most clueless windows user that switches/tries linux, when first asking a question on a forum, mailing list, whatever, they usually append I wish I learn enough so I can help other people, too. I've worked for SuSE, I'm core-team developer for ututo, plus my since 12-to-24 linuxism... you get my picture: i'm just so geek-nerd-hacker-like I tend to believe most people want to learn. - -- Arturo Buanzo Busleiman - www.buanzo.com.ar Consultor en Seguridad Informatica / Dominio Digital TV - Da FOSS man! KTP Consultores - info AT ktpconsultores.com.ar Romper un sistema de seguridad los acerca tanto a ser hackers como el encender autos puenteando los convierte en ingenieros automotrices. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDgGBTAlpOsGhXcE0RAgXMAJkBV1/4407/H2qU/xEKuaLkDh3obQCfSI+k hix+Pa5dR6HSjhsI51Xs52k= =JKc/ -END PGP SIGNATURE- -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] root password gremlin
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alexander Skwar wrote: So: Why use PAM on systems that fit to the scenario I laid out? Because, in the very near time, your configuration will be obsoleted by an upgrade, and probably stop working altogether. It's standard already, I guess. - -- Arturo Buanzo Busleiman - www.buanzo.com.ar Consultor en Seguridad Informatica / Dominio Digital TV - Da FOSS man! KTP Consultores - info AT ktpconsultores.com.ar Romper un sistema de seguridad los acerca tanto a ser hackers como el encender autos puenteando los convierte en ingenieros automotrices. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDgGH+AlpOsGhXcE0RAs5/AJ4hY9PpTYM1CePQ1qGrI7lzpIDRdwCfdpag DnKV7qrWnNiNZ/tr0sHap3Q= =kMRR -END PGP SIGNATURE- -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] root password gremlin
Arturo 'Buanzo' Busleiman schrieb: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alexander Skwar wrote: So: Why use PAM on systems that fit to the scenario I laid out? Because, in the very near time, your configuration will be obsoleted by an upgrade, and probably stop working altogether. No, it won't, I'd think. But, why DO you think so? It's standard already, I guess. No, it isn't. Alexander Skwar -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] root password gremlin
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alexander Skwar wrote: No, it won't, I'd think. But, why DO you think so? Excessive parts of a working system are curretnly opt-dependant on PAM, but most also use PAM to get specific functionality they do not want to provide. It just a guess, but I'm sure this trend will get to parts of a minimal system, too, because of the minimalism required. Applications will provide auth functionality over PAM, in a centralized library, instead that providing that functionality on their own. Less size. Less complexity. More code-reusing. Just a guess. - -- Arturo Buanzo Busleiman - www.buanzo.com.ar Consultor en Seguridad Informatica / Dominio Digital TV - Da FOSS man! KTP Consultores - info AT ktpconsultores.com.ar Romper un sistema de seguridad los acerca tanto a ser hackers como el encender autos puenteando los convierte en ingenieros automotrices. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDgHNVAlpOsGhXcE0RAj6RAJ9c6mPP0+qUFFrifh287/6vnR57PwCePsDF ytFxeZbcOpglnNoZ5luq40g= =MnfX -END PGP SIGNATURE- -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] root password gremlin
Arturo 'Buanzo' Busleiman schrieb: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alexander Skwar wrote: No, it won't, I'd think. But, why DO you think so? Excessive parts of a working system are curretnly opt-dependant on PAM, That's wrong. Most support optional PAM support, but for most it's not a requirement. but most also use PAM to get specific functionality they do not want to provide. Yep. And if those functionalities aren't needed, why use PAM? To learn? I don't think so... It just a guess, but I'm sure this trend will get to parts of a minimal system, A minimal system is one, that does NOT use PAM. PAM is another layer and thus not minimal. If what you're writing were true, we'd still use /etc/passwd like on HP-UX 11.00. Ie. no /etc/shadow. their own. Less size. Less complexity. More code-reusing. Just a guess. Wrong. PAM adds complexity. Alexander Skwar -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] root password gremlin
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alexander Skwar wrote: /etc/passwd like on HP-UX 11.00. Ie. no /etc/shadow. /etc/shadow was provided by an additional package and libraries. Just like PAM. Shadow changed from being a security measure to be an auth storage backend. As a storage backend, it needs libraries to access it. That's where PAM enters. - -- Arturo Buanzo Busleiman - www.buanzo.com.ar Consultor en Seguridad Informatica / Dominio Digital TV - Da FOSS man! KTP Consultores - info AT ktpconsultores.com.ar Romper un sistema de seguridad los acerca tanto a ser hackers como el encender autos puenteando los convierte en ingenieros automotrices. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDgHlsAlpOsGhXcE0RAophAJ4uayd+KB3MVIB/3hT8O6tc/fheMgCfZGj0 1HszDYiX/bxf2lIFcp6hknI= =NpjA -END PGP SIGNATURE- -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] root password gremlin
Arturo 'Buanzo' Busleiman schrieb: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alexander Skwar wrote: /etc/passwd like on HP-UX 11.00. Ie. no /etc/shadow. /etc/shadow was provided by an additional package and libraries. Just like PAM. Shadow changed from being a security measure to be an auth storage backend. Yep. As a storage backend, it needs libraries to access it. That's where PAM enters. You don't need PAM to access /etc/shadow. There are different ways. You have the option to use PAM to access /etc/shadow. But there's no requirement to do so. Alexander Skwar -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] root password gremlin
Arturo 'Buanzo' Busleiman schreef: Alexander Skwar wrote: /etc/passwd like on HP-UX 11.00. Ie. no /etc/shadow. /etc/shadow was provided by an additional package and libraries. Just like PAM. Shadow changed from being a security measure to be an auth storage backend. As a storage backend, it needs libraries to access it. That's where PAM enters. No, that's where PAM *can* enter, but it *need* not-- eix shadow * sys-apps/shadow Available versions: 4.0.4.1-r4 4.0.5-r2 4.0.5-r3 ~4.0.6-r1 ~4.0.7 ~4.0.7-r1 4.0.7-r3 4.0.7-r4 ~4.0.11.1-r1 ~4.0.11.1-r2 ~4.0.12 ~4.0.13 Installed: 4.0.7-r4 Homepage:http://shadow.pld.org.pl/ Description: Utilities to deal with user accounts eix pam * app-vim/pam-syntax Available versions: 20030818 Installed: none Homepage: http://www.vim.org/scripts/script.php?script_id=735 Description: vim plugin: PAM configuration syntax highlighting * dev-perl/Authen-PAM Available versions: 0.14 ~0.16 Installed: none Homepage:http://www.cs.kuleuven.ac.be/~pelov/pam/ Description: Interface to PAM library * kde-base/kdebase-pam Available versions: 4 5 6 Installed: none Homepage:http://www.kde.org Description: pam.d files used by several KDE components. * net-mail/checkpassword-pam Available versions: 0.97 0.99 Installed: none Homepage:http://checkpasswd-pam.sourceforge.net/ Description: checkpassword-compatible authentication program w/pam support * net-www/mod_auth_pam Available versions: 1.1.1 ~1.1.1-r1 Installed: none Homepage:http://pam.sourceforge.net/mod_auth_pam/ Description: PAM authentication module for Apache2 * sys-apps/pam-login Available versions: 3.14 3.17 ~4.0.11.1-r2 ~4.0.12 Installed: none Homepage:http://www.thkukuk.de/pam/pam_login/ Description: Based on the sources from util-linux, with added pam and shadow features * sys-auth/pam_ldap Available versions: 156 ~161 ~164 ~167 171 176 176-r1 ~178 178-r1 180 Installed: none Homepage:http://www.padl.com/OSS/pam_ldap.html Description: PAM LDAP Module * sys-auth/pam_ssh_agent Available versions: ~0.1 0.2 ~0.2-r1 Installed: none Homepage:http://pam-ssh-agent.sourceforge.net/ Description: PAM module that spawns a ssh-agent and adds identities using the password supplied at login * sys-auth/pam_usb Available versions: 0.3.1 0.3.2 Installed: none Homepage:http://www.pamusb.org/ Description: A PAM module that enables authentication using an USB-Storage device (such as an USB Pen) through DSA private/public keys. * sys-auth/pam_smb Available versions: 1.9.9-r1 2.0.0_rc5 ~2.0.0_rc6 Installed: none Homepage:http://www.csn.ul.ie/~airlied/pam_smb/ Description: The PAM SMB module, which allows authentication against an NT server. * sys-auth/pam_ssh Available versions: 1.9 1.91 ~1.91-r1 Installed: none Homepage:http://pam-ssh.sourceforge.net/ Description: Uses ssh-agent to provide single sign-on * sys-auth/pam_dotfile Available versions: 0.7 ~0.7-r1 Installed: none Homepage: http://www.stud.uni-hamburg.de/users/lennart/projects/pam_dotfile/ Description: pam module to allow password-storing in $HOME/dotfiles * sys-auth/pam_passwdqc Available versions: 0.7.5 ~1.0.2 Installed: none Homepage:http://www.openwall.com/passwdqc/ Description: Password strength checking for PAM aware password changing programs * sys-auth/pam_mysql Available versions: ~0.4.7 0.5 ~0.6.0 Installed: none Homepage:http://pam-mysql.sourceforge.net/ Description: pam_mysql is a module for pam to authenticate users with mysql * sys-auth/pam_krb5 Available versions: 1.0 1.0-r1 ~20030601 ~20030601-r1 Installed: none Homepage:http://www.fcusack.com/ Description: Pam module for MIT Kerberos V * sys-auth/pam_pwdfile Available versions: ~0.99 Installed: none Homepage:http://cpbotha.net/pam_pwdfile.html Description: PAM module for authenticating against passwd-like files. * sys-auth/pam_require Available versions: ~0.6 Installed: none Homepage: http://www.splitbrain.org/Programming/C/pam_require/ Description: Allows you to require a special group or user to access a service. * sys-libs/pam Available versions: 0.77-r6 ~0.77-r8 0.78-r2 0.78-r3 Installed: none
Re: [gentoo-user] root password gremlin
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alexander Skwar wrote: You don't need PAM to access /etc/shadow. There are different ways. That's why PAM can be skipped. I know that. Please tell me about the alternatives, as I'm obviously missing important information here. - -- Arturo Buanzo Busleiman - www.buanzo.com.ar Consultor en Seguridad Informatica / Dominio Digital TV - Da FOSS man! KTP Consultores - info AT ktpconsultores.com.ar Romper un sistema de seguridad los acerca tanto a ser hackers como el encender autos puenteando los convierte en ingenieros automotrices. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDgH5qAlpOsGhXcE0RArVSAJ0Ugb2Ul6dmEouMppe7YgADAz7ssgCeIy+y fKfKV115dWgRfDrauugmXXE= =KRDc -END PGP SIGNATURE- -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] root password gremlin
Arturo 'Buanzo' Busleiman schreef: Holly Bostick wrote: As you see, all the relevant programs that *can* use PAM (which is *optional*) do *not* do so on my system. I do not need PAM authentication, and I do not use PAM authentication. As far as I know, my system runs fine (or at least has no PAM-related issues). I never said PAM was needed :P - I'm defending its usage. :) Well, defend it, then :-). Why should I-- who has further had (very) bad experiences with the use of PAM, give it another try, when my system clearly runs without it, which suggests I have no need for it? What overwhelming benefit can I gain, that will offset my previous bad experience and make what I (because of the bad experience) must consider a risking my system worthwhile? Holly -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] root password gremlin
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Holly Bostick wrote: Well, defend it, then :-). :) Why should I-- who has further had (very) bad experiences with the use of PAM, give it another try, when my system clearly runs without it, which suggests I have no need for it? I'd like to know why. I'm very interested in what your problems were, really. What overwhelming benefit can I gain, that will offset my previous bad experience and make what I (because of the bad experience) must consider a risking my system worthwhile? The first impression is the one that counts. You will probably never change your mind, and I fully and sincerely understand/comprehend you. - -- Arturo Buanzo Busleiman - www.buanzo.com.ar Consultor en Seguridad Informatica / Dominio Digital TV - Da FOSS man! KTP Consultores - info AT ktpconsultores.com.ar Romper un sistema de seguridad los acerca tanto a ser hackers como el encender autos puenteando los convierte en ingenieros automotrices. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDgIvJAlpOsGhXcE0RAmkGAJwLh38R7aNEALtYVAqBUNulUSwJWACcCW7R kFHOg0waqR/w3EK04kjxXC8= =lgeD -END PGP SIGNATURE- -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] root password gremlin
Arturo 'Buanzo' Busleiman wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Holly Bostick wrote: Why should I-- who has further had (very) bad experiences with the use of PAM, give it another try, when my system clearly runs without it, which suggests I have no need for it? I'd like to know why. I'm very interested in what your problems were, really. Do a search on the forums for problems with pam. Read the resulting fifty odd threads. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] root password gremlin
Alexander Skwar schreef: Patrick McLean schrieb: Running a system withoug pam is a rather strange thing to do on a modern Linux system, and I can think of very few reasons to do it. What do you need PAM for, when there's basically just one (human) user on the system and the system acts as a consumer (ie. no servers)? Why add the complexity of PAM? Where's the gain - in *THAT* scenario? What I found even worse than the irrelevancy of PAM in that situation (which is mine), was what Walter Dnes mentioned: everything you know is wrong when it comes to config files all over the place. You end up using entirely several different config files to control access. When PAM broke for me (as it did for so many others) during the Great PAM Debacle of a year or two ago, I was *shocked* to discover that I knew nothing at all about PAM configuration, and couldn't figure out anything about PAM configuration--despite having used Gentoo for a couple of years already and having figured out plenty of things that I had previously known nothing about. I was forced to stand by and watch as my authentication protocols progressively broke-- first GUI su (programs that pop up a dialog to give root privileges), then my DE login, then my console login. What distressed me the most-- even more than having to install another distro in order to ultimately do an alternative reinstall-- was that it was clear that PAM was mission-critical yet the first I ever heard of/dealt with it was when it broke. That seemed so un-Gentoo-like to me that I totally lost my bearings about the whole issue. By the time I got back from my dalliance with SuSE, people had figured out how to run a PAM-free system, ebuilds that had previously depended on PAM now had PAM optional and I was free to put -pam in my USE flags and hope to have a working system. Which I did, and do. I'm sure that PAM has a function, and that function is important for those who need a lot of authentication protocols to be passed to their machine (as in the case of servers that need to be protected). But for the average Jill or Joe like me, who runs no servers and doesn't have to ever do things like ssh into my machine (because I'm sitting right here), I think it's overkill and in this case, rather dangerous overkill, because if this unnecessary set of protocols ever does break (again), the average Jill or Joe is quite up the creek without a paddle. Holly -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] root password gremlin
On Nov 19, 2005, at 12:39 AM, Alexander Skwar wrote: Patrick McLean schrieb: Running a system withoug pam is a rather strange thing to do on a modern Linux system, and I can think of very few reasons to do it. What do you need PAM for, when there's basically just one (human) user on the system and the system acts as a consumer (ie. no servers)? Why add the complexity of PAM? Where's the gain - in *THAT* scenario? I'm not sure about you, but I can think of MANY times over my career when I set up a box to do just one thing or for just one person and down the road all of a sudden, I needed another thing or another person. Retrofitting pam onto a running, configured system is not something I'd care to attempt. Having pam on from the beginning, if you don't fiddle with the defaults, poses no extra complexity. But then, I'm a belt and suspenders man. Alexander Skwar -- gentoo-user@gentoo.org mailing list -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] root password gremlin
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alexander Skwar wrote: What do you need PAM for, when there's basically just one (human) user on the system and the system acts as a consumer (ie. no servers)? Why add the complexity of PAM? Where's the gain - in *THAT* scenario? Learning. The whole point of using free, open source software. if you do not want to get messy, then use windows. Anyway, if this user chosed all of his use flags, then he is probably willing to LEARN. - -- Arturo Buanzo Busleiman - www.buanzo.com.ar Consultor en Seguridad Informatica / Dominio Digital TV - Da FOSS man! KTP Consultores - info AT ktpconsultores.com.ar Romper un sistema de seguridad los acerca tanto a ser hackers como el encender autos puenteando los convierte en ingenieros automotrices. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDf0ByAlpOsGhXcE0RAuGDAJ9vG4vf9p2LAWDvX8czlG9g7L1BvwCaAzqG KeFEVL6VTrUF2LffpV3L/Gg= =yBYy -END PGP SIGNATURE- -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] root password gremlin
On Saturday 19 Nov 2005 8:40 pm, Arturo 'Buanzo' Busleiman wrote: Learning. The whole point of using free, open source software. if you do not want to get messy, then use windows. Anyway, if this user chosed all of his use flags, then he is probably willing to LEARN. What? What kind of theory is that? I am using GNU/Linux/OSS because I don't want to run into BSODs that Windows presented me every morning when I woke up or updating Anti-Virus/Anti-Spyware and lots of other anti's just so that I can use my system comfortably. Learning is NOT my primary concern...it is just a by-product. What should I do? Stop using OSS and move back to the hell of Windows? Abhay pgpiTKJ3wHyqC.pgp Description: PGP signature
Re: [gentoo-user] root password gremlin
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 abhay wrote: What? What kind of theory is that? Sorry, I didn't explain myself clearly. I didn't mean to say that use gnu/linux/oss for the purpose of learning. However you can't argue that one gets to learn a lot from simply using it. So, to clarify: Learning is the answer to the question, and, *on the other hand*, the whole point of using free, open source software, is usually to get hands-on software on a lower level than in windows like platforms. That's what I wanted to say. Most gnu/linux/oss users like screwing up their systems :P - -- Arturo Buanzo Busleiman - www.buanzo.com.ar Consultor en Seguridad Informatica / Dominio Digital TV - Da FOSS man! KTP Consultores - info AT ktpconsultores.com.ar Romper un sistema de seguridad los acerca tanto a ser hackers como el encender autos puenteando los convierte en ingenieros automotrices. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDf8fsAlpOsGhXcE0RAr4mAJ9C8/3s5ATk0V9PfZS+cqCtQ06FiwCeM4EF rCMkS6V2852nXDU+DsrxxYU= =8wi9 -END PGP SIGNATURE- -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] root password gremlin
Arturo 'Buanzo' Busleiman schreef: and, *on the other hand*, the whole point of using free, open source software, is usually to get hands-on software on a lower level than in windows like platforms. That's what I wanted to say. Most gnu/linux/oss users like screwing up their systems :P I understand your point, Arturo, but (list-- save this mail, becaue this is likely the only time you'll ever hear me play devil's advocate on this issue, and you'll want the proof if you ever want to throw it up in my face) you're just not right. What you're basically saying is that Linux is for geeks and aspiring geeks (who enjoy and have time to screw up their systems and get hands-on software on a lower level than in Windows-like platforms), and even if this 1) was historically true; 2) is in some respects still philosophically true, it is not *functionally* true at this time, and it will become less functionally true as time goes on. The general thrust of the OSS/GNU/Linux movement at this time is distinctly towards attaining some kind of comfort zone for former Windows users, and former/current Windows users do not care to get hands-on software, they do not care to screw up their systems (since that means a reformat and reinstall most of the time), and they are paralyzed like a deer in the headlights of an oncoming semi at the very mention of CLI or ($DEITY forfend) man pages (that must be read via the CLI). These are people who cannot conceive that breaking X does not mean you can't use your system (because under their previous OS, the GUI *was* the OS, not like here where X is just another program). To increase our userbase, the users must come from the proprietary OSes-- it's not like there's a whole herd of loose first-time users just roaming the plains. These are owned users, some of whom have realized that the barn is burning down around them and have the good sense to run. That doesn't mean that they are capable of coping in the wild, just because they have been forced out into it, and it doesn't mean that they ran out into the wild because they wanted to be free. I admit the reason I first dual-booted was because I personally never liked Windows, and hated the inability to understand what my system was doing. But the reason I've stayed with Linux is not because I like screwing up my system; it's because I really really hate Microsoft's policies and I refuse to submit to them, and I'm willing to take a h-e-double-hockey-sticks of a lot of pain (and it has been painful at times, and-- at many fewer times-- it still is) to back my own refusal. I admit I enjoy the triumph of overcoming the many obstacles I've encountered in this journey, but I'm just weird (very hardheaded. That doesn't mean I ram my head into walls for *fun*, though). Most average users have no interest in overcoming obstacles just to I dunno, rip a DVD (you don't want to know how painful it was learning how to use transcode, or how long it took), or to play Morrowind or Need for Speed Most Wanted. And I can't and don't blame them for that, nor do I expect them to be like me. They are going to have to change to some extent if they want to switch, that's true. There's no other way, and it's unfortunate that most average users are completely unaware of the gravity of changing their OS before they do it. But that's not the same as expecting them to magically *be* different than what they were, and have different expectations than what they've had their entire computing life, just because they switched to Linux, for reasons that are their own, not yours or mine. Tolerance is difficult too, but the first step is recognizing that different people are actually different-- and then finding a way to live with that. We're still working on that second part. SuSE has one way, Ubuntu has another, Linspire has a third direction, and Gentoo yet a fourth. But it's very much not as if a SuSE user wants to get hands-on with their system (you really hardly can do that with SuSE). Surely a Linspire user is not prepared in any way to do so (the Linspire target market is most definitively not the geekish), and even Gentoo users complain(ed) about the complexities and length of installation, despite the extraordinarily copious documentation (perhaps no longer so much needed with the recent switch to Stage 3 default). So no, I do wish I could agree with you (it would certainly be a more comfortable environment for me than what we actually have in terms of geek-friendliness), but I just cannot. Holly -- Then anyone who leaves behind him a written manual, and likewise anyone who receives it, in the belief that such writing will be clear and certain, must be exceedingly simple-minded. (Plato) -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] root password gremlin
On Sat, Nov 19, 2005 at 06:51:36AM -0600, John Jolet wrote On Nov 19, 2005, at 12:39 AM, Alexander Skwar wrote: What do you need PAM for, when there's basically just one (human) user on the system and the system acts as a consumer (ie. no servers)? Why add the complexity of PAM? Where's the gain - in *THAT* scenario? I'm not sure about you, but I can think of MANY times over my career when I set up a box to do just one thing or for just one person and down the road all of a sudden, I needed another thing or another person. Retrofitting pam onto a running, configured system is not something I'd care to attempt. Having pam on from the beginning, if you don't fiddle with the defaults, poses no extra complexity. But then, I'm a belt and suspenders man. This is my personal home machine. I'm the only user on it. I do not run publicly visible servers. I've set iptables to block incoming connections, excepting a small hole for my backup machine (6-year-old Dell) so I can ssh/scp backups back and forth. I've also set my ADSL modem/router to block *ALL* incoming connections, and *ALL* external inbound traffic to ports 0..1023. My ISP allows externally visible servers, but I haven't bothered to do so. It's also conventional wisdom that you do *NOT* mix server apps and a standard desktop on the same machine. If I ever do decide to run a publicly-visible server, I'll get a used machine and run it on that, and configure that machine from the ground up as a server. There are still 2 free ethernet ports on the back of my ADSL router/modem. -- Walter Dnes [EMAIL PROTECTED] In linux /sbin/init is Job #1 My musings on technology and security at http://tech_sec.blog.ca -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] root password gremlin
On Sat, Nov 19, 2005 at 12:10:42PM -0300, Arturo 'Buanzo' Busleiman wrote Alexander Skwar wrote: What do you need PAM for, when there's basically just one (human) user on the system and the system acts as a consumer (ie. no servers)? Why add the complexity of PAM? Where's the gain - in *THAT* scenario? Learning. The whole point of using free, open source software. if you do not want to get messy, then use windows. Anyway, if this user chosed all of his use flags, then he is probably willing to LEARN. It's not that I don't want to learn. What I want to learn may be different from what you want to learn. I'm at the tail end of some experiments with de-noising digital photos from my camera. I've learned a lot about ImageMagick's convert command. It is one seriously powerful image manipulation toolset. My next personal project will be learning postgresql. I am familiar with Oracle SQL and PL/SQL. I'm not a CS, but at work I do write quite a few read-only queries. We've got Access via ODBC as well, but once you get past the really simple stuff, GUI Query By Example runs into a wall. Anyone aware of any postgresql user groups in the Toronto area? -- Walter Dnes [EMAIL PROTECTED] In linux /sbin/init is Job #1 My musings on technology and security at http://tech_sec.blog.ca -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] root password gremlin
On Thu, Nov 17, 2005 at 10:58:15PM +0100, ?c1lvaro Castro wrote Uff! Yes! That's for sure, since I made my own make.conf and I didn't know this was necessary! hum... how can I solve that? I mean, what things should I recompile? emerge --newuse world??? You need to emerge *EITHER* pam *OR* shadow. You can't emerge bothe, because they provide the same service. I prefer to run without pam, because everything you know is wrong when it comes to config files all over the place. You end up using entirely several different config files to control access. If you already know and are comfortable with pam, fine, go ahead and use it. You probably do *NOT* want to combine the learning curve of pam with the learning curve of Gentoo at the same time. -- Walter Dnes [EMAIL PROTECTED] In linux /sbin/init is Job #1 My musings on technology and security at http://tech_sec.blog.ca -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] root password gremlin
On Thu, Nov 17, 2005 at 06:11:22PM -0500, Willie Wong wrote Clarify? I certainly run my box without pam and I can still login. Is this some new development that I am not aware of? You need to emerge *EITHER* pam *OR* shadow. You can't emerge both, because they provide the same service. I prefer to run without pam, because everything you know is wrong when it comes to config files all over the place. -- Walter Dnes [EMAIL PROTECTED] In linux /sbin/init is Job #1 My musings on technology and security at http://tech_sec.blog.ca -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] root password gremlin
Walter Dnes wrote: On Thu, Nov 17, 2005 at 06:11:22PM -0500, Willie Wong wrote Clarify? I certainly run my box without pam and I can still login. Is this some new development that I am not aware of? You need to emerge *EITHER* pam *OR* shadow. You can't emerge both, because they provide the same service. I prefer to run without pam, because everything you know is wrong when it comes to config files all over the place. That is outright wrong, pam and shadow are different things. Pam is an authentication framework, and shadow is an authentication mechanism. Pam lets you use many ways to authenticate (the default being shadow on a standard Gentoo system). Running a system withoug pam is a rather strange thing to do on a modern Linux system, and I can think of very few reasons to do it. -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] root password gremlin
Patrick McLean schrieb: Running a system withoug pam is a rather strange thing to do on a modern Linux system, and I can think of very few reasons to do it. What do you need PAM for, when there's basically just one (human) user on the system and the system acts as a consumer (ie. no servers)? Why add the complexity of PAM? Where's the gain - in *THAT* scenario? Alexander Skwar -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] root password gremlin
On Thu, 2005-11-17 at 20:17 +0100, ÿc1lvaro Castro wrote: Hello all! This is just a short question... Does anyone know why it doesn't allow me to log on my system? I just installed gentoo... I KNOW my password. And I also tried the 2 techniques for changing it (the init=/bin/sh in the bootloader and chrooting from the live-cd). I change them succesfully but it still doesn't work! It is reeeaally strange. Maybe because I don't have an alternative user created? Thank you very much! .alvaro.castro. Have you run passwd for the root user while in the chroot environment? -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] root password gremlin
On 2005-11-17 20:17 +0100, [EMAIL PROTECTED] wrote: I KNOW my password. And I also tried the 2 techniques for changing it (the init=/bin/sh in the bootloader and chrooting from the live-cd). I change them succesfully but it still doesn't work! Check to make sure the console is listed in /etc/securetty, otherwise you won't be able to log in as root directly. (However, you can log in as a normal user and then use `su'.) -- Michael Kjörling, [EMAIL PROTECTED] - http://michael.kjorling.com/ * ASCII Ribbon Campaign: Against HTML Mail, Proprietary Attachments * * . No bird soars too high if he soars with his own wings . * pgprsvc6rvAeQ.pgp Description: PGP signature
Re: [gentoo-user] root password gremlin
Hi! Yes... I've done it a couple of times to be sure... Other thing: my console is using UTF-8 ¿maybe...? The console is still not working properly, it shows deformed characters because of the resolution. thanks! Have you run passwd for the root user while in the chroot environment? __ Renovamos el Correo Yahoo! Nuevos servicios, más seguridad http://correo.yahoo.es -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] root password gremlin
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Michael Kjorling wrote: Check to make sure the console is listed in /etc/securetty, otherwise you won't be able to log in as root directly. (However, you can log in as a normal user and then use `su'.) ... if that user is in the wheel group. - -- Arturo Buanzo Busleiman - www.buanzo.com.ar Consultor en Seguridad Informatica / Dominio Digital TV - Da FOSS man! KTP Consultores - info AT ktpconsultores.com.ar Romper un sistema de seguridad los acerca tanto a ser hackers como el encender autos puenteando los convierte en ingenieros automotrices. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDfN2KAlpOsGhXcE0RAvmAAJ9mfXW7vVqyOS3gUicwdEVUJ5y1wwCfa7NU efbkILA3c+wSwY3fzLdOWC8= =Wh1x -END PGP SIGNATURE- -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] root password gremlin
Hello! Yes, I can find tts/0 in /etc/securetty The point is that the normal user can't login neither. thanks! .alvaro.castro. --- Michael Kjorling [EMAIL PROTECTED] escribió: On 2005-11-17 20:17 +0100, [EMAIL PROTECTED] wrote: I KNOW my password. And I also tried the 2 techniques for changing it (the init=/bin/sh in the bootloader and chrooting from the live-cd). I change them succesfully but it still doesn't work! Check to make sure the console is listed in /etc/securetty, otherwise you won't be able to log in as root directly. (However, you can log in as a normal user and then use `su'.) -- Michael Kjörling, [EMAIL PROTECTED] - http://michael.kjorling.com/ * ASCII Ribbon Campaign: Against HTML Mail, Proprietary Attachments * * . No bird soars too high if he soars with his own wings . * __ Renovamos el Correo Yahoo! Nuevos servicios, más seguridad http://correo.yahoo.es -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] root password gremlin
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ÿc1lvaro Castro wrote: The point is that the normal user can't login neither. You probable removed pam from your /etc/make.conf USE flags. That wont allow you to login, no matter what user you try. - -- Arturo Buanzo Busleiman - www.buanzo.com.ar Consultor en Seguridad Informatica / Dominio Digital TV - Da FOSS man! KTP Consultores - info AT ktpconsultores.com.ar Romper un sistema de seguridad los acerca tanto a ser hackers como el encender autos puenteando los convierte en ingenieros automotrices. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDfO0vAlpOsGhXcE0RAosxAJ9hPaF7gkni4yvRLtxq5z+sZnd62QCdGuwU 5o6WJPEyVHFbemCRVqTlyfg= =6x8v -END PGP SIGNATURE- -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] root password gremlin
Uff! Yes! That's for sure, since I made my own make.conf and I didn't know this was necessary! hum... how can I solve that? I mean, what things should I recompile? emerge --newuse world??? !!!thanks .alvaro.castro. --- Arturo 'Buanzo' Busleiman [EMAIL PROTECTED] escribió: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ÿc1lvaro Castro wrote: The point is that the normal user can't login neither. You probable removed pam from your /etc/make.conf USE flags. That wont allow you to login, no matter what user you try. - -- Arturo Buanzo Busleiman - www.buanzo.com.ar Consultor en Seguridad Informatica / Dominio Digital TV - Da FOSS man! KTP Consultores - info AT ktpconsultores.com.ar Romper un sistema de seguridad los acerca tanto a ser hackers como el encender autos puenteando los convierte en ingenieros automotrices. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDfO0vAlpOsGhXcE0RAosxAJ9hPaF7gkni4yvRLtxq5z+sZnd62QCdGuwU 5o6WJPEyVHFbemCRVqTlyfg= =6x8v -END PGP SIGNATURE- -- gentoo-user@gentoo.org mailing list __ Renovamos el Correo Yahoo! Nuevos servicios, más seguridad http://correo.yahoo.es __ Renovamos el Correo Yahoo! Nuevos servicios, más seguridad http://correo.yahoo.es -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] root password gremlin
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ÿc1lvaro Castro wrote: Yes! That's for sure, since I made my own make.conf and I didn't know this was necessary! [EMAIL PROTECTED] ~ $ grep ^pam /usr/portage/profiles/use* /usr/portage/profiles/use.desc:pam - Adds support PAM (Pluggable Authentication Modules) - DANGEROUS to arbitrarily flip Remember: use* files are available when installing at the USE-flags-editing step. hum... how can I solve that? I mean, what things should I recompile? emerge --newuse world??? emerge --newuse system -pv first. See what packages will be recompiled. After that, revdep-rebuild ill probably be needed. - -- Arturo Buanzo Busleiman - www.buanzo.com.ar Consultor en Seguridad Informatica / Dominio Digital TV - Da FOSS man! KTP Consultores - info AT ktpconsultores.com.ar Romper un sistema de seguridad los acerca tanto a ser hackers como el encender autos puenteando los convierte en ingenieros automotrices. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDfP50AlpOsGhXcE0RAjppAJ9eKVCnRy2hEMvqMnxPqPWmLUQbHQCeItYa jsnrRcAcP3QVR2KwQJZFrVM= =aOxE -END PGP SIGNATURE- -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] root password gremlin
On Thu, Nov 17, 2005 at 05:50:55PM -0300, Arturo 'Buanzo' Busleiman wrote: ?c1lvaro Castro wrote: The point is that the normal user can't login neither. You probable removed pam from your /etc/make.conf USE flags. That wont allow you to login, no matter what user you try. Clarify? I certainly run my box without pam and I can still login. Is this some new development that I am not aware of? W -- Pintsize: fire, filth, and destruction? Clearly we are going to make good neighbors. Sortir en Pantoufles: up 5 days, 15:28 -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] root password gremlin
On Thu, 17 Nov 2005 22:58:15 +0100 (CET), ÿc1lvaro Castro wrote: I mean, what things should I recompile? You need to re-emerge shadow after removing pam. emerge --newuse world??? That should cover all bases. IMO it's always worth doing --newuse after a change to your USE flags. -- Neil Bothwick (A)bort (R)etry (S)ell it signature.asc Description: PGP signature
