Alexander Skwar schreef: > Patrick McLean schrieb: > > >> Running a system withoug pam is a rather strange thing to do on a >> modern Linux system, and I can think of very few reasons to do it. > > > What do you need PAM for, when there's basically just one (human) > user on the system and the system acts as a "consumer" (ie. no > servers)? Why add the complexity of PAM? Where's the gain - in *THAT* > scenario? >
What I found even worse than the irrelevancy of PAM in that situation (which is mine), was what Walter Dnes mentioned: > "everything you know is wrong" when it comes to config files all over > the place. You end up using entirely several different config files > to control access. When PAM broke for me (as it did for so many others) during the Great PAM Debacle of a year or two ago, I was *shocked* to discover that I knew nothing at all about PAM configuration, and couldn't figure out anything about PAM configuration--despite having used Gentoo for a couple of years already and having figured out plenty of things that I had previously known nothing about. I was forced to stand by and watch as my authentication protocols progressively broke-- first GUI su (programs that pop up a dialog to give root privileges), then my DE login, then my console login. What distressed me the most-- even more than "having to" install another distro in order to ultimately do an alternative reinstall-- was that it was clear that PAM was mission-critical.... yet the first I ever heard of/dealt with it was when it broke. That seemed so un-Gentoo-like to me that I totally lost my bearings about the whole issue. By the time I got back from my dalliance with SuSE, people had figured out how to run a PAM-free system, ebuilds that had previously depended on PAM now had PAM optional and I was free to put -pam in my USE flags and hope to have a working system. Which I did, and do. I'm sure that PAM has a function, and that function is important for those who need a lot of authentication protocols to be passed to their machine (as in the case of servers that need to be protected). But for the average Jill or Joe like me, who runs no servers and doesn't have to ever do things like ssh into my machine (because I'm sitting right here), I think it's overkill.... and in this case, rather dangerous overkill, because if this unnecessary set of protocols ever does break (again), the average Jill or Joe is quite up the creek without a paddle. Holly -- gentoo-user@gentoo.org mailing list
