Well sometimes i say things before really thinking, i apologize. but to
think seriously that pam provides more security to your system .. please!
security goes WAY WAY WAY beyond your password suite type. I admit that
yes, if you have an old des non shadowing system that houses many many
users than yes, you should use another scheme for security reasons. But
other than that, no, pam doesnt provide any security increase. Yes i did
say somethings before really reading thoroughly, sorry once again. I
think we all do sometimes, please dont discredit me because of this.
Again the table is open for ideas and correct me if you think im in error
Justin Fisher: [EMAIL PROTECTED]
On Mon, 23 Aug 1999, Ken Wilson wrote:
> We'll ignore the fact that you want to insult people who are only trying
> to help by calling them morons and not get into any name calling
> ourselves.
>
> If you had gone to the two URLS I'd suggested you would have seen that
> PAM allows you to set your level of security to anything you want. It
> provides one source to control all your security needs, from
> zippitty-doo-dah, in which case I want your IP number, to tighter than
> Fort Knox with a bout of constipation. The idea behind PAM is to give
> you a one stop configuration for all your security needs rather than
> having to re-compile everything anytime you change your security
> methods.
>
> As far as deleting it, I don't know how because the thought has never
> crossed my mind. I prefer to learn to work with my tools rather than
> just throw them out because I don't understand them quite yet.
>
> Ken Wilson
> First Law of Optimization: The speed of a nonworking program is
> irrelevant
> (Steve Heller, 'Efficient C/C++ Programming')
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of Justin Fisher
> > Sent: Monday, August 23, 1999 6:05 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: [newbie] Uninstalling PAM
> >
> >
> >
> > Absolutely Not. There are substitutes for PAM. How has unix evolved
> > these 30 some years w/o it? What about shadow and md5? or just shadow
> > and des? or just plain des for that matter. I dont care if
> > i dont have a
> > /etc/shadow file. However, i do not like having a ton of extra system
> > calls for something that used to be done in one step. Pam is
> > a waste. It
> > is not an increase in security by any means. It is simply a
> > name placed
> > on something, a buzzword if you will. Slackware linux doesnt have it.
> > Redhat used to not have it. Many many many distributions
> > dont have it. I
> > dont see how you can get off comparing the lack of PAM on
> > your system to
> > running a version of the OS produced in Redmond Washington. It is
> > absurdity. Next time i dont think i will use Mandrake linux
> > or Redhat or
> > any other linux 'buzzword' distribution as i am using now -
> > it is because
> > of crap like this that i have to put up with. All i want to
> > know is what
> > steps do i need to go through in order to rid my system of PAM. Yes i
> > know that many systems were compiled and linked to its library. Yes i
> > know that many many packages for mandrake 6 depend on it.
> > But is there a
> > package i can download to replace the packages that were compiled and
> > linked to PAM and replace also the PAM package itself with a standard
> > password suite.
> >
> > If I am wrong in my thinking that PAM is not a security
> > increase over a
> > standard shadowed password suite with md5 encrypting please
> > correct me.
> > But as I understand it, all PAM does is check to see if the calling
> > program is 'validated' per say to access the password suite.
> > This is a
> > waste.. it should and IS handled all at filesystem level with only
> > allowing certain users (root) readable and writeable access to certain
> > files (/etc/shadow). Sure, If you are a complete moron and
> > make the file
> > writeable or even readable by a user other than the
> > superuser.. then you
> > might need PAM.. otherwise.. its a waste. I hope i made my
> > point clear.
> >
> > Thanks.
> >
> >
> > Justin Fisher: [EMAIL PROTECTED]
> >
> > On Mon, 23 Aug 1999, Civileme wrote:
> >
> > > Well, what will you substitute?
> > >
> > > You can run without authentication those things capable of
> > running without
> > > authentication by
> > > starting
> > >
> > > LILO Boot: linux 1
> > >
> > > You might want to drag stuff over to runlevel 1 with the
> > Sys V editor and
> > > see what will work.
> > >
> > > Windows 9x is set up to run with bolt-on authentication,
> > and it has many
> > > applications written by Microsoft that *depend* on access
> > to the core
> > > operating system. You have seen the results, I imagine. A
> > new exploit
> > > every few days, and $7.6 BILLION in the first 6 months of
> > 1999, attributable
> > > to the use of those exploits, in business losses. Running
> > Windows 9x
> > > connected to the internet is just *begging* to be cracked.
> > >
> > > But, just as Office 97 is bound to the Windows Op systems
> > very tightly, so
> > > is PAM to Linux. If you have other authentication modules
> > to substitute,
> > > the source code is available to hook 'em in in place of
> > PAM, and I suppose
> > > you could recompile with PAM excluded as well. Might be a
> > task of large
> > > proportions to find and eradicate the whole set of hooks.
> > >
> > > And if you did, something like the bliss virus would be far
> > more capable
> > > against your system than it is now.
> > >
> > > I apologize for the previous boisterous response to your
> > inquiry, but I
> > > really want you to know PAM is there for a reason, and is
> > looked for by many
> > > services, resources, processes, etc.
> > >
> > > So the effect of eliminating PAM would be either that you
> > are denied access
> > > to many things completely or that you have little or no
> > protection from
> > > .... anyone you might be connected to.
> > >
> > > Civileme
> > >
> > > Justin Fisher wrote:
> > >
> > > > how do i uninstall the PAM package the best way? anyone
> > ever tried to do
> > > > this? Anyone a really big fan of pam... i personally
> > think its a huge
> > > > waste and i dont like it at all.
> > > >
> > > > Justin Fisher: [EMAIL PROTECTED]
> > >
> > > --
> > > visit http://homepages.msn.com/invalid_url ....
> > > Is Microsoft afraid to pay itself license fees for IIS?
> > > Sure looks like an Apache (open-source) Signature to me
> > >
> > >
> > >
> >
> >
>
