Dan Nicholson wrote: > On 3/23/06, Bruce Dubbs <[EMAIL PROTECTED]> wrote: >> Dan, >> I agree with Randy about the philosophy of installing Cracklib. I'm >> curious why you would want PAM and not use it. > > Seems I'm alone here, but I don't see them as the same issue. They > both provide security, but completely different aspects. PAM provides > control over authenticating users for programs. Cracklib enforces > password strength. I use PAM.
Inherent in the design of PAM is the module-type of password: "this last module type is required for updating the authentication token associated with the user. Typically, there is one module for each `challenge/response' based authentication (auth) module-type." I admit I don't really understand the last sentence. In any case, cracklib provides a more robust password checking capability than PAM alone. If one bothers to install PAM at all, why would someone not add this? The control is then accomplished via the configuration files. It doesn't need Cracklib to work. If > I was running a system with lots of users who I didn't know, I'd > probably install Cracklib. > > Should the instructions for using PAM without cracklib be removed? No. I was just trying to understand another viewpoint. -- Bruce -- http://linuxfromscratch.org/mailman/listinfo/blfs-book FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
