Alexander Skwar wrote:
> Patrick McLean wrote:
> 
> 
>> Running a system without pam is a rather strange thing to do on a
>> modern Linux system, and I can think of very few reasons to do it.
> 
> 
> What do you need PAM for, when there's basically just one (human)
> user on the system and the system acts as a "consumer" (ie. no
> servers)? Why add the complexity of PAM? Where's the gain - in *THAT*
> scenario?
> 

What I found even worse than the irrelevancy of PAM in that situation
(which is mine), was what Walter Dnes mentioned:

> "everything you know is wrong" when it comes to config files all over
> the place.  You end up using entirely several different config files
> to control access.

When PAM broke for me (as it did for so many others) during the Great
PAM Debacle of a year or two ago, I was *shocked* to discover that I
knew nothing at all about PAM configuration, and couldn't figure out
anything about PAM configuration--despite having used Gentoo for a
couple of years already and having figured out plenty of things that I
had previously known nothing about.

I was forced to stand by and watch as my authentication protocols
progressively broke-- first GUI su (programs that pop up a dialog to
give root privileges), then my DE login, then my console login. What
distressed me the most-- even more than "having to" install another
distro in order to ultimately do an alternative reinstall-- was that it
was clear that PAM was mission-critical.... yet the first I ever heard
of/dealt with it was when it broke. That seemed so un-Gentoo-like to me
that I totally lost my bearings about the whole issue.

By the time I got back from my dalliance with SuSE, people had figured
out how to run a PAM-free system, ebuilds that had previously depended
on PAM now had PAM optional and I was free to put -pam in my USE flags
and hope to have a working system. Which I did, and do.

I'm sure that PAM has a function, and that function is important for
those who need a lot of authentication protocols to be passed to their
machine (as in the case of servers that need to be protected). But for
the average Jill or Joe like me, who runs no servers and doesn't have to
ever do things like ssh into my machine (because I'm sitting right
here), I think it's overkill.... and in this case, rather dangerous
overkill, because if this unnecessary set of protocols ever does break
(again), the average Jill or Joe is quite up the creek without a paddle.

Holly
-- 
gentoo-user@gentoo.org mailing list
