Re: [gentoo-user] root password gremlin

["Walter Dnes" <waltdnes@waltdnes.org>]

On Sat, Nov 19, 2005 at 06:51:36AM -0600, John Jolet wrote

> On Nov 19, 2005, at 12:39 AM, Alexander Skwar wrote:

> >What do you need PAM for, when there's basically just one
> >(human) user on the system and the system acts as a "consumer"
> >(ie. no servers)? Why add the complexity of PAM? Where's
> >the gain - in *THAT* scenario?
> 
> I'm not sure about you, but I can think of MANY times over my career
> when I set up a box "to do just one thing" or "for just one person"
> and down the road all of a sudden, I needed another thing or another
> person.  Retrofitting pam onto a running, configured system is not
> something I'd care to attempt.  Having pam on from the beginning,
> if you don't fiddle with the defaults, poses no extra complexity.
> But then, I'm a belt and suspenders man.

  This is my personal home machine.  I'm the only user on it.  I do not
run publicly visible servers.  I've set iptables to block incoming
connections, excepting a small hole for my backup machine (6-year-old
Dell) so I can ssh/scp backups back and forth.  I've also set my ADSL
modem/router to block *ALL* incoming connections, and *ALL* external
inbound traffic to ports 0..1023.

  My ISP allows externally visible servers, but I haven't bothered to do
so.  It's also conventional wisdom that you do *NOT* mix server apps and
a standard desktop on the same machine.  If I ever do decide to run a
publicly-visible server, I'll get a used machine and run it on that, and
configure that machine from the ground up as a server.  There are still
2 free ethernet ports on the back of my ADSL router/modem.

-- 
Walter Dnes <waltdnes@waltdnes.org> In linux /sbin/init is Job #1
My musings on technology and security at http://tech_sec.blog.ca
-- 
gentoo-user@gentoo.org mailing list