* [gentoo-user] root password gremlin
@ 2005-11-17 19:17 Álvaro Castro
2005-11-17 19:22 ` Michael Sullivan
2005-11-17 19:37 ` Michael Kjorling
0 siblings, 2 replies; 53+ messages in thread
From: Álvaro Castro @ 2005-11-17 19:17 UTC
To: gentoo-user
Hello all!
This is just a short question...
Does anyone know why it doesn't allow me to log on my
system?
I just installed gentoo...
I KNOW my password. And I also tried the 2 techniques
for changing it (the init="/bin/sh" in the bootloader
and chrooting from the live-cd). I change them
successfully but it still doesn't work!
It is reeeeeeeaally strange. Maybe because I don't
have an alternative user created?
Thank you very much!
.alvaro.castro.
--
gentoo-user@gentoo.org mailing list
* Re: [gentoo-user] root password gremlin
2005-11-17 19:17 [gentoo-user] root password gremlin Álvaro Castro
@ 2005-11-17 19:22 ` Michael Sullivan
2005-11-17 19:37 ` Álvaro Castro
2005-11-17 19:37 ` Michael Kjorling
1 sibling, 1 reply; 53+ messages in thread
From: Michael Sullivan @ 2005-11-17 19:22 UTC
To: gentoo-user
On Thu, 2005-11-17 at 20:17 +0100, Álvaro Castro wrote:
> Hello all!
>
> This is just a short question...
>
> Does anyone know why it doesn't allow me to log on my
> system?
> I just installed gentoo...
>
> I KNOW my password. And I also tried the 2 techniques
> for changing it (the init="/bin/sh" in the bootloader
> and chrooting from the live-cd). I change them
> successfully but it still doesn't work!
> It is reeeeeeeaally strange. Maybe because I don't
> have an alternative user created?
>
> Thank you very much!
>
>
> .alvaro.castro.
Have you run passwd for the root user while in the chroot environment?
* Re: [gentoo-user] root password gremlin
2005-11-17 19:17 [gentoo-user] root password gremlin Álvaro Castro
2005-11-17 19:22 ` Michael Sullivan
@ 2005-11-17 19:37 ` Michael Kjorling
2005-11-17 19:44 ` Arturo 'Buanzo' Busleiman
2005-11-17 20:33 ` Álvaro Castro
1 sibling, 2 replies; 53+ messages in thread
From: Michael Kjorling @ 2005-11-17 19:37 UTC
To: gentoo-user
On 2005-11-17 20:17 +0100, alvcastro@yahoo.es wrote:
> I KNOW my password. And I also tried the 2 techniques
> for changing it (the init="/bin/sh" in the bootloader
> and chrooting from the live-cd). I change them
> successfully but it still doesn't work!
Check to make sure the console is listed in /etc/securetty, otherwise
you won't be able to log in as root directly. (However, you can log in
as a normal user and then use `su'.)
--
Michael Kjörling, michael@kjorling.com - http://michael.kjorling.com/
* ASCII Ribbon Campaign: Against HTML Mail, Proprietary Attachments *
* ..... No bird soars too high if he soars with his own wings ..... *
* Re: [gentoo-user] root password gremlin
2005-11-17 19:22 ` Michael Sullivan
@ 2005-11-17 19:37 ` Álvaro Castro
0 siblings, 0 replies; 53+ messages in thread
From: Álvaro Castro @ 2005-11-17 19:37 UTC
To: gentoo-user
Hi!
Yes... I've done it a couple of times to be sure...
Other thing: my console is using UTF-8 ¿maybe...?
The console is still not working properly, it shows
deformed characters because of the resolution.
thanks!
> Have you run passwd for the root user while in the
> chroot environment?
>
* Re: [gentoo-user] root password gremlin
2005-11-17 19:37 ` Michael Kjorling
@ 2005-11-17 19:44 ` Arturo 'Buanzo' Busleiman
2005-11-17 20:33 ` Álvaro Castro
1 sibling, 0 replies; 53+ messages in thread
From: Arturo 'Buanzo' Busleiman @ 2005-11-17 19:44 UTC
To: gentoo-user
Michael Kjorling wrote:
> Check to make sure the console is listed in /etc/securetty, otherwise
> you won't be able to log in as root directly. (However, you can log in
> as a normal user and then use `su'.)
... if that user is in the wheel group.
--
Arturo "Buanzo" Busleiman - www.buanzo.com.ar
Computer Security Consultant / Dominio Digital TV - Da FOSS man!
KTP Consultores - info AT ktpconsultores.com.ar
Breaking a security system brings them as close to being hackers as
hot-wiring cars makes them automotive engineers.
* Re: [gentoo-user] root password gremlin
2005-11-17 19:37 ` Michael Kjorling
2005-11-17 19:44 ` Arturo 'Buanzo' Busleiman
@ 2005-11-17 20:33 ` Álvaro Castro
2005-11-17 20:50 ` Arturo 'Buanzo' Busleiman
1 sibling, 1 reply; 53+ messages in thread
From: Álvaro Castro @ 2005-11-17 20:33 UTC
To: gentoo-user
Hello!
Yes, I can find
tts/0
in /etc/securetty
The point is that the normal user can't log in either.
thanks!
.alvaro.castro.
--- Michael Kjorling <michael@kjorling.com> wrote:
> On 2005-11-17 20:17 +0100, alvcastro@yahoo.es wrote:
> > I KNOW my password. And I also tried the 2 techniques
> > for changing it (the init="/bin/sh" in the bootloader
> > and chrooting from the live-cd). I change them
> > successfully but it still doesn't work!
>
> Check to make sure the console is listed in /etc/securetty, otherwise
> you won't be able to log in as root directly. (However, you can log in
> as a normal user and then use `su'.)
>
> --
> Michael Kjörling, michael@kjorling.com - http://michael.kjorling.com/
> * ASCII Ribbon Campaign: Against HTML Mail, Proprietary Attachments *
> * ..... No bird soars too high if he soars with his own wings ..... *
* Re: [gentoo-user] root password gremlin
2005-11-17 20:33 ` Álvaro Castro
@ 2005-11-17 20:50 ` Arturo 'Buanzo' Busleiman
2005-11-17 21:58 ` Álvaro Castro
2005-11-17 23:11 ` Willie Wong
0 siblings, 2 replies; 53+ messages in thread
From: Arturo 'Buanzo' Busleiman @ 2005-11-17 20:50 UTC
To: gentoo-user
Álvaro Castro wrote:
> The point is that the normal user can't log in either.
You probably removed "pam" from your /etc/make.conf USE flags. That won't allow you to log in, no
matter what user you try.
--
Arturo "Buanzo" Busleiman - www.buanzo.com.ar
Computer Security Consultant / Dominio Digital TV - Da FOSS man!
KTP Consultores - info AT ktpconsultores.com.ar
Breaking a security system brings them as close to being hackers as
hot-wiring cars makes them automotive engineers.
* Re: [gentoo-user] root password gremlin
2005-11-17 20:50 ` Arturo 'Buanzo' Busleiman
@ 2005-11-17 21:58 ` Álvaro Castro
2005-11-17 22:04 ` Arturo 'Buanzo' Busleiman
` (2 more replies)
2005-11-17 23:11 ` Willie Wong
1 sibling, 3 replies; 53+ messages in thread
From: Álvaro Castro @ 2005-11-17 21:58 UTC
To: gentoo-user
Uff!
Yes! That's for sure, since I made my own make.conf
and I didn't know this was necessary!
hum... how can I solve that?
I mean, what things should I recompile?
emerge --newuse world???
!!!thanks
.alvaro.castro.
--- Arturo 'Buanzo' Busleiman <buanzo@buanzo.com.ar> wrote:
> Álvaro Castro wrote:
> > The point is that the normal user can't log in either.
>
> You probably removed "pam" from your /etc/make.conf USE flags. That won't
> allow you to log in, no matter what user you try.
>
> --
> Arturo "Buanzo" Busleiman - www.buanzo.com.ar
> Computer Security Consultant / Dominio Digital TV - Da FOSS man!
> KTP Consultores - info AT ktpconsultores.com.ar
>
> Breaking a security system brings them as close to being hackers as
> hot-wiring cars makes them automotive engineers.
* Re: [gentoo-user] root password gremlin
2005-11-17 21:58 ` Álvaro Castro
@ 2005-11-17 22:04 ` Arturo 'Buanzo' Busleiman
2005-11-17 22:44 ` Neil Bothwick
2005-11-19 5:44 ` Walter Dnes
2 siblings, 0 replies; 53+ messages in thread
From: Arturo 'Buanzo' Busleiman @ 2005-11-17 22:04 UTC
To: gentoo-user
Álvaro Castro wrote:
> Yes! That's for sure, since I made my own make.conf
> and I didn't know this was necessary!
buanzo@murray ~ $ grep ^pam /usr/portage/profiles/use*
/usr/portage/profiles/use.desc:pam - Adds support PAM (Pluggable Authentication Modules) - DANGEROUS to arbitrarily flip
Remember: use* files are available when installing at the USE-flags-editing step.....
> hum... how can I solve that?
> I mean, what things should I recompile?
> emerge --newuse world???
emerge --newuse system -pv first. See what packages will be recompiled.
After that, revdep-rebuild will probably be needed.
--
Arturo "Buanzo" Busleiman - www.buanzo.com.ar
Computer Security Consultant / Dominio Digital TV - Da FOSS man!
KTP Consultores - info AT ktpconsultores.com.ar
Breaking a security system brings them as close to being hackers as
hot-wiring cars makes them automotive engineers.
--
gentoo-user@gentoo.org mailing list
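The three causes raised in the replies so far (console not listed in /etc/securetty, user not in wheel for `su`, `pam` flipped in the make.conf USE flags) can be checked offline against the installed system mounted from the live CD. The script below is an added example, not part of any poster's message; the function names, the ROOT argument and the sample files are assumptions made for illustration, and it reads only the last USE= assignment in make.conf without evaluating profile defaults.

```shell
#!/bin/sh
# Added example: offline checks for the causes suggested in the thread.
# ROOT is the installed system as mounted from the live CD, e.g. /mnt/gentoo.

# 0 if TTY is listed in ROOT/etc/securetty, 1 if not, 2 if the file is unreadable.
tty_in_securetty() {
    f=$1/etc/securetty
    [ -r "$f" ] || return 2
    # Drop comments and surrounding blanks, then require an exact line match.
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$f" |
        grep -Fxq -- "${2#/dev/}"
}

# Prints enabled, disabled, unset or unreadable for FLAG in ROOT/etc/make.conf.
# Assumptions: the last USE= assignment wins; profile defaults and ${USE}
# expansion are not evaluated. Within USE, the last mention of a flag wins.
use_flag_state() {
    f=$1/etc/make.conf
    [ -r "$f" ] || { echo unreadable; return 0; }
    awk -v flag="$2" '
        { sub(/#.*/, "") }
        !inuse && /^[ \t]*USE[ \t]*=/ { inuse = 1; q = 0; val = ""; sub(/^[^=]*=/, "") }
        inuse {
            line = $0
            q += gsub(/"/, "", line)       # count and strip double quotes
            sub(/\\[ \t]*$/, "", line)     # strip a line-continuation backslash
            val = val " " line
            if (q != 1) inuse = 0          # unquoted one-liner, or closing quote seen
        }
        END {
            state = "unset"
            n = split(val, tok)
            for (i = 1; i <= n; i++) {
                if (tok[i] == flag) state = "enabled"
                else if (tok[i] == ("-" flag) || tok[i] == "-*") state = "disabled"
            }
            print state
        }' "$f"
}

# 0 if USER is listed as a member of wheel in ROOT/etc/group.
# Only the member list (field 4) is checked, not primary group IDs.
in_wheel() {
    awk -F: -v u="$2" '
        $1 == "wheel" { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
        END { exit ok ? 0 : 1 }' "$1/etc/group"
}

# login_report ROOT TTY USER: one line per check.
login_report() {
    rc=0
    tty_in_securetty "$1" "$2" || rc=$?
    case $rc in
        0) echo "securetty: $2 listed" ;;
        1) echo "securetty: $2 NOT listed (no direct root login there, per the thread)" ;;
        *) echo "securetty: file unreadable" ;;
    esac
    echo "USE pam: $(use_flag_state "$1" pam)"
    if in_wheel "$1" "$3"; then
        echo "wheel: $3 is a member"
    else
        echo "wheel: $3 is not a member (su needs wheel, per the thread)"
    fi
}

# Constructed sample files, not taken from the poster's system.
make_sample_root() {
    mkdir -p "$1/etc"
    printf '%s\n' '# constructed sample' 'console' 'vc/1' 'tts/0' > "$1/etc/securetty"
    printf '%s\n' 'CFLAGS="-O2 -pipe"' 'USE="X gtk \' '     -pam alsa"' > "$1/etc/make.conf"
    printf '%s\n' 'root:x:0:root' 'wheel:x:10:root' 'users:x:100:alvaro' > "$1/etc/group"
}

# Demo run against the constructed sample.
demo_root=$(mktemp -d) || exit 1
make_sample_root "$demo_root"
login_report "$demo_root" /dev/tty1 alvaro
rm -rf "$demo_root"
```

Against a real installation, pass the mount point instead of the sample directory, for example `login_report /mnt/gentoo /dev/tty1 youruser`.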
* Re: [gentoo-user] root password gremlin
2005-11-17 21:58 ` Álvaro Castro
2005-11-17 22:04 ` Arturo 'Buanzo' Busleiman
@ 2005-11-17 22:44 ` Neil Bothwick
2005-11-19 5:44 ` Walter Dnes
2 siblings, 0 replies; 53+ messages in thread
From: Neil Bothwick @ 2005-11-17 22:44 UTC
To: gentoo-user
On Thu, 17 Nov 2005 22:58:15 +0100 (CET), Álvaro Castro wrote:
> I mean, what things should I recompile?
You need to re-emerge shadow after removing pam.
> emerge --newuse world???
That should cover all bases. IMO it's always worth doing --newuse after a
change to your USE flags.
--
Neil Bothwick
(A)bort (R)etry (S)ell it
* Re: [gentoo-user] root password gremlin
2005-11-17 20:50 ` Arturo 'Buanzo' Busleiman
2005-11-17 21:58 ` Álvaro Castro
@ 2005-11-17 23:11 ` Willie Wong
2005-11-19 5:45 ` Walter Dnes
1 sibling, 1 reply; 53+ messages in thread
From: Willie Wong @ 2005-11-17 23:11 UTC
To: gentoo-user
On Thu, Nov 17, 2005 at 05:50:55PM -0300, Arturo 'Buanzo' Busleiman wrote:
> Álvaro Castro wrote:
> > The point is that the normal user can't log in either.
>
> You probably removed "pam" from your /etc/make.conf USE flags. That won't allow you to log in, no
> matter what user you try.
>
Clarify? I certainly run my box without pam and I can still login. Is
this some new development that I am not aware of?
W
--
Pintsize: fire, filth, and destruction?
Clearly we are going to make good neighbors.
Sortir en Pantoufles: up 5 days, 15:28
* Re: [gentoo-user] root password gremlin
2005-11-17 21:58 ` Álvaro Castro
2005-11-17 22:04 ` Arturo 'Buanzo' Busleiman
2005-11-17 22:44 ` Neil Bothwick
@ 2005-11-19 5:44 ` Walter Dnes
2 siblings, 0 replies; 53+ messages in thread
From: Walter Dnes @ 2005-11-19 5:44 UTC
To: gentoo-user
On Thu, Nov 17, 2005 at 10:58:15PM +0100, Álvaro Castro wrote
> Uff!
>
> Yes! That's for sure, since I made my own make.conf
> and I didn't know this was necessary!
> hum... how can I solve that?
> I mean, what things should I recompile?
> emerge --newuse world???
You need to emerge *EITHER* pam *OR* shadow. You can't emerge both,
because they provide the same service. I prefer to run without pam,
because "everything you know is wrong" when it comes to config files all
over the place. You end up using entirely several different config
files to control access. If you already know and are comfortable with
pam, fine, go ahead and use it. You probably do *NOT* want to combine
the learning curve of pam with the learning curve of Gentoo at the same
time.
--
Walter Dnes <waltdnes@waltdnes.org> In linux /sbin/init is Job #1
My musings on technology and security at http://tech_sec.blog.ca
* Re: [gentoo-user] root password gremlin
2005-11-17 23:11 ` Willie Wong
@ 2005-11-19 5:45 ` Walter Dnes
2005-11-19 5:57 ` Patrick McLean
0 siblings, 1 reply; 53+ messages in thread
From: Walter Dnes @ 2005-11-19 5:45 UTC
To: gentoo-user
On Thu, Nov 17, 2005 at 06:11:22PM -0500, Willie Wong wrote
> Clarify? I certainly run my box without pam and I can still login. Is
> this some new development that I am not aware of?
You need to emerge *EITHER* pam *OR* shadow. You can't emerge both,
because they provide the same service. I prefer to run without pam,
because "everything you know is wrong" when it comes to config files
all over the place.
--
Walter Dnes <waltdnes@waltdnes.org> In linux /sbin/init is Job #1
My musings on technology and security at http://tech_sec.blog.ca
* Re: [gentoo-user] root password gremlin
2005-11-19 5:45 ` Walter Dnes
@ 2005-11-19 5:57 ` Patrick McLean
2005-11-19 6:39 ` Alexander Skwar
0 siblings, 1 reply; 53+ messages in thread
From: Patrick McLean @ 2005-11-19 5:57 UTC
To: gentoo-user
Walter Dnes wrote:
> On Thu, Nov 17, 2005 at 06:11:22PM -0500, Willie Wong wrote
>
>
>>Clarify? I certainly run my box without pam and I can still login. Is
>>this some new development that I am not aware of?
>
>
> You need to emerge *EITHER* pam *OR* shadow. You can't emerge both,
> because they provide the same service. I prefer to run without pam,
> because "everything you know is wrong" when it comes to config files
> all over the place.
>
That is outright wrong, pam and shadow are different things. Pam is an
authentication framework, and shadow is an authentication mechanism. Pam
lets you use many ways to authenticate (the default being shadow on a
standard Gentoo system).
Running a system without pam is a rather strange thing to do on a modern
Linux system, and I can think of very few reasons to do it.
* Re: [gentoo-user] root password gremlin
2005-11-19 5:57 ` Patrick McLean
@ 2005-11-19 6:39 ` Alexander Skwar
2005-11-19 12:07 ` Holly Bostick
` (2 more replies)
0 siblings, 3 replies; 53+ messages in thread
From: Alexander Skwar @ 2005-11-19 6:39 UTC
To: gentoo-user
Patrick McLean wrote:
> Running a system without pam is a rather strange thing to do on a modern
> Linux system, and I can think of very few reasons to do it.
What do you need PAM for, when there's basically just one
(human) user on the system and the system acts as a "consumer"
(ie. no servers)? Why add the complexity of PAM? Where's
the gain - in *THAT* scenario?
Alexander Skwar
* Re: [gentoo-user] root password gremlin
2005-11-19 6:39 ` Alexander Skwar
@ 2005-11-19 12:07 ` Holly Bostick
2005-11-19 12:51 ` John Jolet
2005-11-19 15:10 ` Arturo 'Buanzo' Busleiman
2 siblings, 0 replies; 53+ messages in thread
From: Holly Bostick @ 2005-11-19 12:07 UTC
To: gentoo-user
Alexander Skwar wrote:
> Patrick McLean wrote:
>
>
>> Running a system without pam is a rather strange thing to do on a
>> modern Linux system, and I can think of very few reasons to do it.
>
>
> What do you need PAM for, when there's basically just one (human)
> user on the system and the system acts as a "consumer" (ie. no
> servers)? Why add the complexity of PAM? Where's the gain - in *THAT*
> scenario?
>
What I found even worse than the irrelevancy of PAM in that situation
(which is mine), was what Walter Dnes mentioned:
> "everything you know is wrong" when it comes to config files all over
> the place. You end up using entirely several different config files
> to control access.
When PAM broke for me (as it did for so many others) during the Great
PAM Debacle of a year or two ago, I was *shocked* to discover that I
knew nothing at all about PAM configuration, and couldn't figure out
anything about PAM configuration--despite having used Gentoo for a
couple of years already and having figured out plenty of things that I
had previously known nothing about.
I was forced to stand by and watch as my authentication protocols
progressively broke-- first GUI su (programs that pop up a dialog to
give root privileges), then my DE login, then my console login. What
distressed me the most-- even more than "having to" install another
distro in order to ultimately do an alternative reinstall-- was that it
was clear that PAM was mission-critical.... yet the first I ever heard
of/dealt with it was when it broke. That seemed so un-Gentoo-like to me
that I totally lost my bearings about the whole issue.
By the time I got back from my dalliance with SuSE, people had figured
out how to run a PAM-free system, ebuilds that had previously depended
on PAM now had PAM optional and I was free to put -pam in my USE flags
and hope to have a working system. Which I did, and do.
I'm sure that PAM has a function, and that function is important for
those who need a lot of authentication protocols to be passed to their
machine (as in the case of servers that need to be protected). But for
the average Jill or Joe like me, who runs no servers and doesn't have to
ever do things like ssh into my machine (because I'm sitting right
here), I think it's overkill.... and in this case, rather dangerous
overkill, because if this unnecessary set of protocols ever does break
(again), the average Jill or Joe is quite up the creek without a paddle.
Holly
* Re: [gentoo-user] root password gremlin
2005-11-19 6:39 ` Alexander Skwar
2005-11-19 12:07 ` Holly Bostick
@ 2005-11-19 12:51 ` John Jolet
2005-11-20 5:57 ` Walter Dnes
2005-11-20 11:15 ` Alexander Skwar
2005-11-19 15:10 ` Arturo 'Buanzo' Busleiman
2 siblings, 2 replies; 53+ messages in thread
From: John Jolet @ 2005-11-19 12:51 UTC
To: gentoo-user
On Nov 19, 2005, at 12:39 AM, Alexander Skwar wrote:
> Patrick McLean wrote:
>
>> Running a system without pam is a rather strange thing to do on a modern
>> Linux system, and I can think of very few reasons to do it.
>
> What do you need PAM for, when there's basically just one
> (human) user on the system and the system acts as a "consumer"
> (ie. no servers)? Why add the complexity of PAM? Where's
> the gain - in *THAT* scenario?
>
I'm not sure about you, but I can think of MANY times over my career
when I set up a box "to do just one thing" or "for just one person"
and down the road all of a sudden, I needed another thing or another
person. Retrofitting pam onto a running, configured system is not
something I'd care to attempt. Having pam on from the beginning, if
you don't fiddle with the defaults, poses no extra complexity. But
then, I'm a belt and suspenders man.
> Alexander Skwar
* Re: [gentoo-user] root password gremlin
2005-11-19 6:39 ` Alexander Skwar
2005-11-19 12:07 ` Holly Bostick
2005-11-19 12:51 ` John Jolet
@ 2005-11-19 15:10 ` Arturo 'Buanzo' Busleiman
2005-11-19 17:50 ` abhay
` (2 more replies)
2 siblings, 3 replies; 53+ messages in thread
From: Arturo 'Buanzo' Busleiman @ 2005-11-19 15:10 UTC
To: gentoo-user
Alexander Skwar wrote:
> What do you need PAM for, when there's basically just one
> (human) user on the system and the system acts as a "consumer"
> (ie. no servers)? Why add the complexity of PAM? Where's
> the gain - in *THAT* scenario?
Learning. The whole point of using free, open source software. If you do not want to get messy, then
use windows. Anyway, if this user chose all of his use flags, then he is probably willing to LEARN.
--
Arturo "Buanzo" Busleiman - www.buanzo.com.ar
Computer Security Consultant / Dominio Digital TV - Da FOSS man!
KTP Consultores - info AT ktpconsultores.com.ar
Breaking a security system brings them as close to being hackers as
hot-wiring cars makes them automotive engineers.
* Re: [gentoo-user] root password gremlin
2005-11-19 15:10 ` Arturo 'Buanzo' Busleiman
@ 2005-11-19 17:50 ` abhay
2005-11-20 0:48 ` Arturo 'Buanzo' Busleiman
2005-11-20 5:58 ` [gentoo-user] root password gremlin Walter Dnes
2005-11-20 11:27 ` Alexander Skwar
2 siblings, 1 reply; 53+ messages in thread
From: abhay @ 2005-11-19 17:50 UTC
To: gentoo-user
On Saturday 19 Nov 2005 8:40 pm, Arturo 'Buanzo' Busleiman wrote:
> Learning. The whole point of using free, open source software. if you do
> not want to get messy, then use windows. Anyway, if this user chose all of
> his use flags, then he is probably willing to LEARN.
What? What kind of theory is that? I am using GNU/Linux/OSS because I don't
want to run into BSODs that Windows presented me every morning when I woke up
or updating Anti-Virus/Anti-Spyware and lots of other anti's just so that I
can use my system comfortably. Learning is NOT my primary concern...it is
just a by-product. What should I do? Stop using OSS and move back to the hell
of Windows?
Abhay
* Re: [gentoo-user] root password gremlin
2005-11-19 17:50 ` abhay
@ 2005-11-20 0:48 ` Arturo 'Buanzo' Busleiman
2005-11-20 1:43 ` Holly Bostick
2005-11-20 11:32 ` Alexander Skwar
0 siblings, 2 replies; 53+ messages in thread
From: Arturo 'Buanzo' Busleiman @ 2005-11-20 0:48 UTC
To: gentoo-user
abhay wrote:
> What? What kind of theory is that?
Sorry, I didn't explain myself clearly. I didn't mean to say that "use gnu/linux/oss for the
purpose of learning". However you can't argue that one gets to learn a lot from simply using it.
So, to clarify:
Learning is the answer to the question, and, *on the other hand*, the whole point of using free,
open source software, is usually to get hands-on software on a lower level than in windows like
platforms.
That's what I wanted to say. Most gnu/linux/oss users like screwing up their systems :P
--
Arturo "Buanzo" Busleiman - www.buanzo.com.ar
Computer Security Consultant / Dominio Digital TV - Da FOSS man!
KTP Consultores - info AT ktpconsultores.com.ar
Breaking a security system brings them as close to being hackers as
hot-wiring cars makes them automotive engineers.
* Re: [gentoo-user] root password gremlin
2005-11-20 0:48 ` Arturo 'Buanzo' Busleiman
@ 2005-11-20 1:43 ` Holly Bostick
2005-11-20 11:38 ` Arturo 'Buanzo' Busleiman
2005-11-20 11:32 ` Alexander Skwar
1 sibling, 1 reply; 53+ messages in thread
From: Holly Bostick @ 2005-11-20 1:43 UTC
To: gentoo-user
Arturo 'Buanzo' Busleiman wrote:
> and, *on the other hand*, the whole point of using free, open source
> software, is usually to get hands-on software on a lower level than
> in windows like platforms.
>
> That's what I wanted to say. Most gnu/linux/oss users like screwing
> up their systems :P
>
I understand your point, Arturo, but (list-- save this mail, because this
is likely the only time you'll ever hear me play devil's advocate on
this issue, and you'll want the proof if you ever want to throw it up in
my face) you're just .... not right.
What you're basically saying is that Linux is for geeks and aspiring
geeks (who enjoy and have time to "screw up their systems" and "get
hands-on software on a lower level than in Windows-like platforms"), and
even if this 1) was historically true; 2) is in some respects still
philosophically true, it is not *functionally* true at this time, and it
will become less functionally true as time goes on.
The general thrust of the OSS/GNU/Linux movement at this time is
distinctly towards attaining some kind of comfort zone for former
Windows users, and former/current Windows users do not care to get
hands-on software, they do not care to screw up their systems (since
that means a reformat and reinstall most of the time), and they are
paralyzed like a deer in the headlights of an oncoming semi at the very
mention of CLI or ($DEITY forfend) man pages (that must be read via the
CLI). These are people who cannot conceive that breaking X does not mean
you can't use your system (because under their previous OS, the GUI
*was* the OS, not like here where X is just another program).
To increase our userbase, the users must come from the proprietary
OSes-- it's not like there's a whole herd of "loose" first-time users
just roaming the plains. These are "owned" users, some of whom have
realized that the barn is burning down around them and have the good
sense to run.
That doesn't mean that they are capable of coping "in the wild", just
because they have been forced out into it, and it doesn't mean that they
ran out into the wild because they "wanted to be free".
I admit the reason I first dual-booted was because I personally never
liked Windows, and hated the inability to understand what my system was
doing. But the reason I've stayed with Linux is not because I "like
screwing up my system"; it's because I really really hate Microsoft's
policies and I refuse to submit to them, and I'm willing to take a
h-e-double-hockey-sticks of a lot of pain (and it has been painful at
times, and-- at many fewer times-- it still is) to back my own refusal.
I admit I enjoy the triumph of overcoming the many obstacles I've
encountered in this journey, but I'm just weird (very hardheaded. That
doesn't mean I ram my head into walls for *fun*, though). Most "average"
users have no interest in overcoming obstacles just to .... I dunno, rip a
DVD (you don't want to know how painful it was learning how to use
transcode, or how long it took), or to play Morrowind or Need for Speed
Most Wanted. And I can't and don't blame them for that, nor do I expect
them to be like me.
They are going to have to change to some extent if they want to switch,
that's true. There's no other way, and it's unfortunate that most
"average" users are completely unaware of the gravity of changing their
OS before they do it. But that's not the same as expecting them to
magically *be* different than what they were, and have different
expectations than what they've had their entire computing life, just
because they switched to Linux, for reasons that are their own, not
yours or mine.
Tolerance is difficult too, but the first step is recognizing that
different people are actually different-- and then finding a way to live
with that.
We're still working on that second part. SuSE has one way, Ubuntu has
another, Linspire has a third direction, and Gentoo yet a fourth. But
it's very much not as if a SuSE user wants to get "hands-on with their
system" (you really hardly can do that with SuSE). Surely a Linspire
user is not prepared in any way to do so (the Linspire target market is
most definitively not the geekish), and even Gentoo users complain(ed)
about the complexities and length of installation, despite the
extraordinarily copious documentation (perhaps no longer so much needed
with the recent switch to Stage 3 default).
So no, I do wish I could agree with you (it would certainly be a more
comfortable environment for me than what we actually have in terms of
geek-friendliness), but I just cannot.
Holly
--
Then anyone who leaves behind him a written manual, and likewise anyone
who receives it, in the belief that such writing will be clear and
certain, must be exceedingly simple-minded. (Plato)
* Re: [gentoo-user] root password gremlin
2005-11-19 12:51 ` John Jolet
@ 2005-11-20 5:57 ` Walter Dnes
2005-11-20 11:15 ` Alexander Skwar
1 sibling, 0 replies; 53+ messages in thread
From: Walter Dnes @ 2005-11-20 5:57 UTC
To: gentoo-user
On Sat, Nov 19, 2005 at 06:51:36AM -0600, John Jolet wrote
> On Nov 19, 2005, at 12:39 AM, Alexander Skwar wrote:
> >What do you need PAM for, when there's basically just one
> >(human) user on the system and the system acts as a "consumer"
> >(ie. no servers)? Why add the complexity of PAM? Where's
> >the gain - in *THAT* scenario?
>
> I'm not sure about you, but I can think of MANY times over my career
> when I set up a box "to do just one thing" or "for just one person"
> and down the road all of a sudden, I needed another thing or another
> person. Retrofitting pam onto a running, configured system is not
> something I'd care to attempt. Having pam on from the beginning,
> if you don't fiddle with the defaults, poses no extra complexity.
> But then, I'm a belt and suspenders man.
This is my personal home machine. I'm the only user on it. I do not
run publicly visible servers. I've set iptables to block incoming
connections, excepting a small hole for my backup machine (6-year-old
Dell) so I can ssh/scp backups back and forth. I've also set my ADSL
modem/router to block *ALL* incoming connections, and *ALL* external
inbound traffic to ports 0..1023.
My ISP allows externally visible servers, but I haven't bothered to do
so. It's also conventional wisdom that you do *NOT* mix server apps and
a standard desktop on the same machine. If I ever do decide to run a
publicly-visible server, I'll get a used machine and run it on that, and
configure that machine from the ground up as a server. There are still
2 free ethernet ports on the back of my ADSL router/modem.
--
Walter Dnes <waltdnes@waltdnes.org> In linux /sbin/init is Job #1
My musings on technology and security at http://tech_sec.blog.ca
* Re: [gentoo-user] root password gremlin
2005-11-19 15:10 ` Arturo 'Buanzo' Busleiman
2005-11-19 17:50 ` abhay
@ 2005-11-20 5:58 ` Walter Dnes
2005-11-20 11:27 ` Alexander Skwar
2 siblings, 0 replies; 53+ messages in thread
From: Walter Dnes @ 2005-11-20 5:58 UTC (permalink / raw
To: gentoo-user
On Sat, Nov 19, 2005 at 12:10:42PM -0300, Arturo 'Buanzo' Busleiman wrote
> Alexander Skwar wrote:
> > What do you need PAM for, when there's basically just one
> > (human) user on the system and the system acts as a "consumer"
> > (ie. no servers)? Why add the complexity of PAM? Where's
> > the gain - in *THAT* scenario?
>
> Learning. The whole point of using free, open source software. If
> you do not want to get messy, then use Windows. Anyway, if this user
> chose all of his use flags, then he is probably willing to LEARN.
It's not that I don't want to learn. What I want to learn may be
different from what you want to learn. I'm at the tail end of some
experiments with de-noising digital photos from my camera. I've learned
a lot about ImageMagick's "convert" command. It is one seriously
powerful image manipulation toolset.
My next personal project will be learning postgresql. I am familiar
with Oracle SQL and PL/SQL. I'm not a CS, but at work I do write quite
a few read-only queries. We've got Access via ODBC as well, but once
you get past the really simple stuff, GUI "Query By Example" runs into a
wall. Anyone aware of any "postgresql user groups" in the Toronto area?
--
Walter Dnes <waltdnes@waltdnes.org> In linux /sbin/init is Job #1
My musings on technology and security at http://tech_sec.blog.ca
* Re: [gentoo-user] root password gremlin
2005-11-19 12:51 ` John Jolet
2005-11-20 5:57 ` Walter Dnes
@ 2005-11-20 11:15 ` Alexander Skwar
1 sibling, 0 replies; 53+ messages in thread
From: Alexander Skwar @ 2005-11-20 11:15 UTC (permalink / raw
To: gentoo-user
John Jolet wrote:
> On Nov 19, 2005, at 12:39 AM, Alexander Skwar wrote:
>
>> Patrick McLean wrote:
>>
>>> Running a system without pam is a rather strange thing to do on a
>>> modern
>>> Linux system, and I can think of very few reasons to do it.
>>
>> What do you need PAM for, when there's basically just one
>> (human) user on the system and the system acts as a "consumer"
>> (ie. no servers)? Why add the complexity of PAM? Where's
>> the gain - in *THAT* scenario?
>>
>
> I'm not sure about you, but I can think of MANY times over my career
> when I set up a box "to do just one thing" or "for just one person"
> and down the road all of a sudden, I needed another thing or another
> person.
Fine. That's a different scenario.
Please stick to the scenario I mentioned.
> Retrofitting pam onto a running, configured system is not
> something I'd care to attempt. Having pam on from the beginning, if
> you don't fiddle with the defaults, poses no extra complexity.
And what do you gain by using PAM? Again: Stick to the
scenario I mentioned. I think, that it is not an unusual
scenario - I tend to think, that it'll fit most home users
and also most desktop machines in a *SMALL* office environment.
Alexander Skwar
* Re: [gentoo-user] root password gremlin
2005-11-19 15:10 ` Arturo 'Buanzo' Busleiman
2005-11-19 17:50 ` abhay
2005-11-20 5:58 ` [gentoo-user] root password gremlin Walter Dnes
@ 2005-11-20 11:27 ` Alexander Skwar
2005-11-20 12:04 ` [gentoo-user] " Francesco Talamona
2 siblings, 1 reply; 53+ messages in thread
From: Alexander Skwar @ 2005-11-20 11:27 UTC (permalink / raw
To: gentoo-user
Arturo 'Buanzo' Busleiman wrote:
> Alexander Skwar wrote:
>> What do you need PAM for, when there's basically just one
>> (human) user on the system and the system acts as a "consumer"
>> (ie. no servers)? Why add the complexity of PAM? Where's
>> the gain - in *THAT* scenario?
>
> Learning. The whole point of using free, open source software. If you do not want to get messy, then
> use Windows. Anyway, if this user chose all of his use flags, then he is probably willing to LEARN.
What kind of nonsense is that? I suppose, that you'd find
it appropriate to use LDAP for a 1 user machine? Sorry,
but that's absolute bullshit.
Further, especially on Windows, there are *WAY* too many
things to get messy with.
Alexander Skwar
* Re: [gentoo-user] root password gremlin
2005-11-20 0:48 ` Arturo 'Buanzo' Busleiman
2005-11-20 1:43 ` Holly Bostick
@ 2005-11-20 11:32 ` Alexander Skwar
2005-11-20 11:46 ` Arturo 'Buanzo' Busleiman
1 sibling, 1 reply; 53+ messages in thread
From: Alexander Skwar @ 2005-11-20 11:32 UTC (permalink / raw
To: gentoo-user
Arturo 'Buanzo' Busleiman wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> abhay wrote:
>> What? What kind of theory is that?
>
> Sorry, I didn't explain myself clearly. I didn't mean to say that "use gnu/linux/oss for the
> purpose of learning". However you can't argue that one gets to learn a lot from simply using it.
>
> So, to clarify:
>
> Learning is the answer to the question,
No it's not. The answer to the question: "Why DON'T refrain from
using unneeded software and systems?" is NOT: "Learning".
The answer is: "Do refrain from using systems that you don't need".
And for the majority of systems, this would include PAM. Eg.
if it's sufficient to use /etc/{passwd,shadow} as a password/user
database, then there's just no reason to use another (in this
case clearly: useless) layer on top of that. It just adds
unneeded and unwanted complexity for no gain.
So: Why use PAM on systems that fit to the scenario I laid
out?
Alexander Skwar
* Re: [gentoo-user] root password gremlin
2005-11-20 1:43 ` Holly Bostick
@ 2005-11-20 11:38 ` Arturo 'Buanzo' Busleiman
0 siblings, 0 replies; 53+ messages in thread
From: Arturo 'Buanzo' Busleiman @ 2005-11-20 11:38 UTC (permalink / raw
To: gentoo-user
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Holly Bostick wrote:
> So no, I do wish I could agree with you (it would certainly be a more
> comfortable environment for me than what we actually have in terms of
> geek-friendliness), but I just cannot.
You are probably right... :P - 12 years of floss made me believe otherwise, especially where I live,
Argentina, where it seems that even the most clueless windows user that switches/tries linux, when
first asking a question on a forum, mailing list, whatever, they usually append "I wish I learn
enough so I can help other people, too".
I've worked for SuSE, I'm core-team developer for ututo, plus my "since 12-to-24 linuxism"... you
get my picture: I'm just so geek-nerd-hacker-like I tend to believe most people want to learn.
- --
Arturo "Buanzo" Busleiman - www.buanzo.com.ar
IT Security Consultant / Dominio Digital TV - Da FOSS man!
KTP Consultores - info AT ktpconsultores.com.ar
Breaking a security system brings them as close to being hackers as
hot-wiring cars turns them into automotive engineers.
* Re: [gentoo-user] root password gremlin
2005-11-20 11:32 ` Alexander Skwar
@ 2005-11-20 11:46 ` Arturo 'Buanzo' Busleiman
2005-11-20 12:54 ` Alexander Skwar
0 siblings, 1 reply; 53+ messages in thread
From: Arturo 'Buanzo' Busleiman @ 2005-11-20 11:46 UTC (permalink / raw
To: gentoo-user
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Alexander Skwar wrote:
> So: Why use PAM on systems that fit to the scenario I laid
> out?
Because, in the very near time, your configuration will be obsoleted by an upgrade, and probably
stop working altogether. It's standard already, I guess.
- --
Arturo "Buanzo" Busleiman - www.buanzo.com.ar
IT Security Consultant / Dominio Digital TV - Da FOSS man!
KTP Consultores - info AT ktpconsultores.com.ar
Breaking a security system brings them as close to being hackers as
hot-wiring cars turns them into automotive engineers.
* [gentoo-user] Re: root password gremlin
2005-11-20 11:27 ` Alexander Skwar
@ 2005-11-20 12:04 ` Francesco Talamona
2005-11-20 12:57 ` Alexander Skwar
0 siblings, 1 reply; 53+ messages in thread
From: Francesco Talamona @ 2005-11-20 12:04 UTC (permalink / raw
To: gentoo-user
On Sunday 20 November 2005 12:27, Alexander Skwar wrote:
> What kind of nonsense is that? I suppose, that you'd find
> it appropriate to use LDAP for a 1 user machine? Sorry,
> but that's absolute bullshit.
I don't think it's a good example: you can set up a Samba box, with an
LDAP backend with just 2 or 3 *unix* (administrative) users and
hundreds of users in the LDAP database. Nscd and PAM do the rest of
"collage".
So PAM can be of much use for a "few user" machine (ok, acting as a
server...).
That said I'm quite neutral about PAM, maybe it's just overkill for a
desktop, maybe it's simply too complex to get rid of it for a standard
user...
Ciao
Francesco
--
Linux Version 2.6.12-gentoo-r9, Compiled #2 Wed Aug 24 18:43:16 CEST
2005
One 2.2GHz AMD Athlon 64 Processor, 2GB RAM, 4325.37 Bogomips Total
aemaeth
* Re: [gentoo-user] root password gremlin
2005-11-20 11:46 ` Arturo 'Buanzo' Busleiman
@ 2005-11-20 12:54 ` Alexander Skwar
2005-11-20 13:00 ` Arturo 'Buanzo' Busleiman
2005-11-20 13:00 ` [gentoo-user] regarding PAM [WAS: root password gremlin] Arturo 'Buanzo' Busleiman
0 siblings, 2 replies; 53+ messages in thread
From: Alexander Skwar @ 2005-11-20 12:54 UTC (permalink / raw
To: gentoo-user
Arturo 'Buanzo' Busleiman wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Alexander Skwar wrote:
>> So: Why use PAM on systems that fit to the scenario I laid
>> out?
>
> Because, in the very near time, your configuration will be obsoleted by an upgrade, and probably
> stop working altogether.
No, it won't, I'd think. But, why DO you think so?
> It's standard already, I guess.
No, it isn't.
Alexander Skwar
* Re: [gentoo-user] Re: root password gremlin
2005-11-20 12:04 ` [gentoo-user] " Francesco Talamona
@ 2005-11-20 12:57 ` Alexander Skwar
0 siblings, 0 replies; 53+ messages in thread
From: Alexander Skwar @ 2005-11-20 12:57 UTC (permalink / raw
To: gentoo-user
Francesco Talamona wrote:
> On Sunday 20 November 2005 12:27, Alexander Skwar wrote:
>> What kind of nonsense is that? I suppose, that you'd find
>> it appropriate to use LDAP for a 1 user machine? Sorry,
>> but that's absolute bullshit.
>
> I don't think it's a good example: you can set up a Samba box, with an
> LDAP backend with just 2 or 3 *unix* (administrative) users and
> hundreds of users in the LDAP database. Nscd and PAM do the rest of
> "collage".
Yes, for such a scenario, I'd of course use PAM as some
sort of layer - no doubt at all!
> So PAM can be of much use for a "few user" machine (ok, acting as a
> server...).
We're talking about a non-server machine:
| What do you need PAM for, when there's basically just one
| (human) user on the system and the system acts as a "consumer"
| (ie. no servers)? Why add the complexity of PAM? Where's
| the gain - in *THAT* scenario?
See what's in the 2nd ()?
> That said I'm quite neutral about PAM, maybe it's just overkill for a
> desktop, maybe it's simply too complex to get rid of it for a standard
> user...
No, it's not too complex to get rid of - if you leave it away
from the beginning. I totally agree, that it's hard to
convert a non-PAM system to PAM - and the other way is also
hard.
Alexander Skwar
* Re: [gentoo-user] root password gremlin
2005-11-20 12:54 ` Alexander Skwar
@ 2005-11-20 13:00 ` Arturo 'Buanzo' Busleiman
2005-11-20 13:13 ` Alexander Skwar
2005-11-20 13:00 ` [gentoo-user] regarding PAM [WAS: root password gremlin] Arturo 'Buanzo' Busleiman
1 sibling, 1 reply; 53+ messages in thread
From: Arturo 'Buanzo' Busleiman @ 2005-11-20 13:00 UTC (permalink / raw
To: gentoo-user
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Alexander Skwar wrote:
> No, it won't, I'd think. But, why DO you think so?
Excessive parts of a working system are currently opt-dependent on PAM, but most also use PAM to get
specific functionality they do not want to provide. It's just a guess, but I'm sure this trend will
get to parts of a minimal system, too, because of the minimalism required. Applications will provide
auth functionality over PAM, in a centralized library, instead of providing that functionality on
their own. Less size. Less complexity. More code-reusing. Just a guess.
- --
Arturo "Buanzo" Busleiman - www.buanzo.com.ar
IT Security Consultant / Dominio Digital TV - Da FOSS man!
KTP Consultores - info AT ktpconsultores.com.ar
Breaking a security system brings them as close to being hackers as
hot-wiring cars turns them into automotive engineers.
* Re: [gentoo-user] regarding PAM [WAS: root password gremlin]
2005-11-20 12:54 ` Alexander Skwar
2005-11-20 13:00 ` Arturo 'Buanzo' Busleiman
@ 2005-11-20 13:00 ` Arturo 'Buanzo' Busleiman
2005-11-20 13:14 ` Alexander Skwar
1 sibling, 1 reply; 53+ messages in thread
From: Arturo 'Buanzo' Busleiman @ 2005-11-20 13:00 UTC (permalink / raw
To: gentoo-user
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Alexander Skwar wrote:
>>It's standard already, I guess.
> No, it isn't.
Why do you think so?
- --
Arturo "Buanzo" Busleiman - www.buanzo.com.ar
IT Security Consultant / Dominio Digital TV - Da FOSS man!
KTP Consultores - info AT ktpconsultores.com.ar
Breaking a security system brings them as close to being hackers as
hot-wiring cars turns them into automotive engineers.
* Re: [gentoo-user] root password gremlin
2005-11-20 13:00 ` Arturo 'Buanzo' Busleiman
@ 2005-11-20 13:13 ` Alexander Skwar
2005-11-20 13:26 ` Arturo 'Buanzo' Busleiman
0 siblings, 1 reply; 53+ messages in thread
From: Alexander Skwar @ 2005-11-20 13:13 UTC (permalink / raw
To: gentoo-user
Arturo 'Buanzo' Busleiman wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Alexander Skwar wrote:
>> No, it won't, I'd think. But, why DO you think so?
>
> Excessive parts of a working system are currently opt-dependent on PAM,
That's wrong. Most support optional PAM support, but
for most it's not a requirement.
> but most also use PAM to get
> specific functionality they do not want to provide.
Yep. And if those functionalities aren't needed, why
use PAM? To learn? I don't think so...
> It's just a guess, but I'm sure this trend will
> get to parts of a minimal system,
A minimal system is one, that does NOT use PAM.
PAM is another layer and thus not minimal. If
what you're writing were true, we'd still use
/etc/passwd like on HP-UX 11.00. Ie. no /etc/shadow.
> their own. Less size. Less complexity. More code-reusing. Just a guess.
Wrong. PAM adds complexity.
Alexander Skwar
* Re: [gentoo-user] regarding PAM [WAS: root password gremlin]
2005-11-20 13:00 ` [gentoo-user] regarding PAM [WAS: root password gremlin] Arturo 'Buanzo' Busleiman
@ 2005-11-20 13:14 ` Alexander Skwar
2005-11-20 13:24 ` Arturo 'Buanzo' Busleiman
0 siblings, 1 reply; 53+ messages in thread
From: Alexander Skwar @ 2005-11-20 13:14 UTC (permalink / raw
To: gentoo-user
Arturo 'Buanzo' Busleiman wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Alexander Skwar wrote:
>>>It's standard already, I guess.
>> No, it isn't.
>
> Why do you think so?
Standard is something, for which you don't need
additional software. For PAM, you need additional
software, as PAM is already additional software.
--
Alexander Skwar
* Re: [gentoo-user] regarding PAM [WAS: root password gremlin]
2005-11-20 13:14 ` Alexander Skwar
@ 2005-11-20 13:24 ` Arturo 'Buanzo' Busleiman
2005-11-20 13:38 ` Alexander Skwar
0 siblings, 1 reply; 53+ messages in thread
From: Arturo 'Buanzo' Busleiman @ 2005-11-20 13:24 UTC (permalink / raw
To: gentoo-user
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Alexander Skwar wrote:
> Standard is something, for which you don't need
> additional software. For PAM, you need additional
> software, as PAM is already additional software.
?
- --
Arturo "Buanzo" Busleiman - www.buanzo.com.ar
IT Security Consultant / Dominio Digital TV - Da FOSS man!
KTP Consultores - info AT ktpconsultores.com.ar
Breaking a security system brings them as close to being hackers as
hot-wiring cars turns them into automotive engineers.
* Re: [gentoo-user] root password gremlin
2005-11-20 13:13 ` Alexander Skwar
@ 2005-11-20 13:26 ` Arturo 'Buanzo' Busleiman
2005-11-20 13:40 ` Alexander Skwar
2005-11-20 13:46 ` Holly Bostick
0 siblings, 2 replies; 53+ messages in thread
From: Arturo 'Buanzo' Busleiman @ 2005-11-20 13:26 UTC (permalink / raw
To: gentoo-user
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Alexander Skwar wrote:
> /etc/passwd like on HP-UX 11.00. Ie. no /etc/shadow.
/etc/shadow was provided by an additional package and libraries. Just like PAM. Shadow changed from
being a security measure to be an auth storage backend. As a storage backend, it needs libraries to
access it. That's where PAM enters.
- --
Arturo "Buanzo" Busleiman - www.buanzo.com.ar
IT Security Consultant / Dominio Digital TV - Da FOSS man!
KTP Consultores - info AT ktpconsultores.com.ar
Breaking a security system brings them as close to being hackers as
hot-wiring cars turns them into automotive engineers.
* Re: [gentoo-user] regarding PAM [WAS: root password gremlin]
2005-11-20 13:24 ` Arturo 'Buanzo' Busleiman
@ 2005-11-20 13:38 ` Alexander Skwar
2005-11-20 13:49 ` Arturo 'Buanzo' Busleiman
0 siblings, 1 reply; 53+ messages in thread
From: Alexander Skwar @ 2005-11-20 13:38 UTC (permalink / raw
To: gentoo-user
Arturo 'Buanzo' Busleiman wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Alexander Skwar wrote:
>> Standard is something, for which you don't need
>> additional software. For PAM, you need additional
>> software, as PAM is already additional software.
>
> ?
Optional things aren't standard. They are
optional. PAM is optional. You don't need
it - at least not for basic setups.
--
Alexander Skwar
* Re: [gentoo-user] root password gremlin
2005-11-20 13:26 ` Arturo 'Buanzo' Busleiman
@ 2005-11-20 13:40 ` Alexander Skwar
2005-11-20 13:47 ` Arturo 'Buanzo' Busleiman
2005-11-20 13:46 ` Holly Bostick
1 sibling, 1 reply; 53+ messages in thread
From: Alexander Skwar @ 2005-11-20 13:40 UTC (permalink / raw
To: gentoo-user
Arturo 'Buanzo' Busleiman wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Alexander Skwar wrote:
>> /etc/passwd like on HP-UX 11.00. Ie. no /etc/shadow.
>
> /etc/shadow was provided by an additional package and libraries. Just like PAM. Shadow changed from
> being a security measure to be an auth storage backend.
Yep.
> As a storage backend, it needs libraries to
> access it. That's where PAM enters.
You don't need PAM to access /etc/shadow. There
are different ways. You have the option to use
PAM to access /etc/shadow. But there's no requirement
to do so.
Alexander Skwar
--
gentoo-user@gentoo.org mailing list
^ permalink raw reply [flat|nested] 53+ messages in thread
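The point made in the message above, that /etc/shadow can be consulted without PAM, as an added example that is not part of the thread and is not code from the shadow package: a simplified model of the account-state checks a non-PAM login can make on an /etc/shadow entry, using the field layout from shadow(5). The sample entries, the function names and the fixed "today" are constructed for illustration, and comparing the typed password against the hash with crypt(3) is left out.

```python
"""Classify /etc/shadow entries without PAM, following shadow(5).

Simplified model (assumption): a real non-PAM login also hashes the typed
password with crypt(3) and compares it with the stored hash.
"""
import re
from dataclasses import dataclass
from datetime import date
from typing import Dict, Optional

# Constructed "today" in days since 1970-01-01, the unit shadow(5) uses.
TODAY = (date(2005, 11, 20) - date(1970, 1, 1)).days

# Constructed sample entries; the hashes are placeholders, not real ones.
# name:hash:lastchg:min:max:warn:inactive:expire:reserved
SAMPLE_SHADOW = """\
root:$1$constructed$notARealHashValue00000:13104:0:99999:7:::
locked:!$1$constructed$notARealHashValue00000:13104:0:99999:7:::
daemon:*:9797:0:::::
nopass::13104:0:99999:7:::
aged:$1$constructed$notARealHashValue00000:13000:0:30:7:10::
stale:$1$constructed$notARealHashValue00000:13070:0:30:7:10::
gone:$1$constructed$notARealHashValue00000:13104:0:99999:7::13100:
mustchange:$1$constructed$notARealHashValue00000:0:0:99999:7:::
"""

# Traditional DES crypt output: exactly 13 characters from this alphabet.
DES_HASH = re.compile(r"[./0-9A-Za-z]{13}")


@dataclass
class ShadowEntry:
    name: str
    pwd: str
    lastchg: Optional[int]   # day of last password change
    max_age: Optional[int]   # days a password stays valid
    inactive: Optional[int]  # grace days after the password expired
    expire: Optional[int]    # day the account itself expires


def parse_shadow_line(line: str) -> ShadowEntry:
    """Split one shadow line into its fields; empty numbers become None."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:
        raise ValueError(f"expected 9 fields, got {len(fields)}")

    def num(text: str) -> Optional[int]:
        return int(text) if text else None

    return ShadowEntry(fields[0], fields[1], num(fields[2]),
                       num(fields[4]), num(fields[6]), num(fields[7]))


def classify(entry: ShadowEntry, today: int = TODAY) -> str:
    """Return the reason a password login would be refused, or 'ok'."""
    pwd = entry.pwd
    if pwd == "":
        return "empty password"            # no password needed: audit finding
    if pwd.startswith("!"):
        return "locked"                    # what `passwd -l` produces
    if not (pwd.startswith("$") or DES_HASH.fullmatch(pwd)):
        return "no usable hash"            # e.g. "*": nothing can match it
    if entry.expire is not None and 0 < entry.expire <= today:
        return "account expired"
    if entry.lastchg == 0:
        return "password change required"  # forced change at next login
    if entry.lastchg is not None and entry.max_age is not None:
        limit = entry.lastchg + entry.max_age
        if entry.inactive is not None and today >= limit + entry.inactive:
            return "inactive"              # expired and grace period over
        if today >= limit:
            return "password expired"
    return "ok"


def audit(text: str, today: int = TODAY) -> Dict[str, str]:
    """Map every account name in shadow-format text to its status."""
    result = {}
    for line in text.splitlines():
        if line.strip():
            entry = parse_shadow_line(line)
            result[entry.name] = classify(entry, today)
    return result


if __name__ == "__main__":
    for name, status in audit(SAMPLE_SHADOW).items():
        print(f"{name:12} {status}")
```

On a live system the same functions can be fed the lines of /etc/shadow, which only root can read.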
* Re: [gentoo-user] root password gremlin
2005-11-20 13:26 ` Arturo 'Buanzo' Busleiman
2005-11-20 13:40 ` Alexander Skwar
@ 2005-11-20 13:46 ` Holly Bostick
2005-11-20 13:53 ` Arturo 'Buanzo' Busleiman
2005-11-21 22:14 ` Abhay Kedia
1 sibling, 2 replies; 53+ messages in thread
From: Holly Bostick @ 2005-11-20 13:46 UTC (permalink / raw
To: gentoo-user
Arturo 'Buanzo' Busleiman wrote:
> Alexander Skwar wrote:
>
>>> /etc/passwd like on HP-UX 11.00. Ie. no /etc/shadow.
>
>
> /etc/shadow was provided by an additional package and libraries. Just
> like PAM. Shadow changed from being a security measure to be an auth
> storage backend. As a storage backend, it needs libraries to access
> it. That's where PAM enters.
>
No, that's where PAM *can* enter, but it *need* not--
eix shadow
* sys-apps/shadow
Available versions: 4.0.4.1-r4 4.0.5-r2 4.0.5-r3 ~4.0.6-r1 ~4.0.7
~4.0.7-r1 4.0.7-r3 4.0.7-r4 ~4.0.11.1-r1 ~4.0.11.1-r2 ~4.0.12 ~4.0.13
Installed: 4.0.7-r4
Homepage: http://shadow.pld.org.pl/
Description: Utilities to deal with user accounts
eix pam
* app-vim/pam-syntax
Available versions: 20030818
Installed: none
Homepage:
http://www.vim.org/scripts/script.php?script_id=735
Description: vim plugin: PAM configuration syntax highlighting
* dev-perl/Authen-PAM
Available versions: 0.14 ~0.16
Installed: none
Homepage: http://www.cs.kuleuven.ac.be/~pelov/pam/
Description: Interface to PAM library
* kde-base/kdebase-pam
Available versions: 4 5 6
Installed: none
Homepage: http://www.kde.org
Description: pam.d files used by several KDE components.
* net-mail/checkpassword-pam
Available versions: 0.97 0.99
Installed: none
Homepage: http://checkpasswd-pam.sourceforge.net/
Description: checkpassword-compatible authentication
program w/pam support
* net-www/mod_auth_pam
Available versions: 1.1.1 ~1.1.1-r1
Installed: none
Homepage: http://pam.sourceforge.net/mod_auth_pam/
Description: PAM authentication module for Apache2
* sys-apps/pam-login
Available versions: 3.14 3.17 ~4.0.11.1-r2 ~4.0.12
Installed: none
Homepage: http://www.thkukuk.de/pam/pam_login/
Description: Based on the sources from util-linux, with
added pam and shadow features
* sys-auth/pam_ldap
Available versions: 156 ~161 ~164 ~167 171 176 176-r1 ~178 178-r1 180
Installed: none
Homepage: http://www.padl.com/OSS/pam_ldap.html
Description: PAM LDAP Module
* sys-auth/pam_ssh_agent
Available versions: ~0.1 0.2 ~0.2-r1
Installed: none
Homepage: http://pam-ssh-agent.sourceforge.net/
Description: PAM module that spawns a ssh-agent and adds
identities using the password supplied at login
* sys-auth/pam_usb
Available versions: 0.3.1 0.3.2
Installed: none
Homepage: http://www.pamusb.org/
Description: A PAM module that enables authentication using
an USB-Storage device (such as an USB Pen) through DSA private/public keys.
* sys-auth/pam_smb
Available versions: 1.9.9-r1 2.0.0_rc5 ~2.0.0_rc6
Installed: none
Homepage: http://www.csn.ul.ie/~airlied/pam_smb/
Description: The PAM SMB module, which allows
authentication against an NT server.
* sys-auth/pam_ssh
Available versions: 1.9 1.91 ~1.91-r1
Installed: none
Homepage: http://pam-ssh.sourceforge.net/
Description: Uses ssh-agent to provide single sign-on
* sys-auth/pam_dotfile
Available versions: 0.7 ~0.7-r1
Installed: none
Homepage:
http://www.stud.uni-hamburg.de/users/lennart/projects/pam_dotfile/
Description: pam module to allow password-storing in
$HOME/dotfiles
* sys-auth/pam_passwdqc
Available versions: 0.7.5 ~1.0.2
Installed: none
Homepage: http://www.openwall.com/passwdqc/
Description: Password strength checking for PAM aware
password changing programs
* sys-auth/pam_mysql
Available versions: ~0.4.7 0.5 ~0.6.0
Installed: none
Homepage: http://pam-mysql.sourceforge.net/
Description: pam_mysql is a module for pam to authenticate
users with mysql
* sys-auth/pam_krb5
Available versions: 1.0 1.0-r1 ~20030601 ~20030601-r1
Installed: none
Homepage: http://www.fcusack.com/
Description: Pam module for MIT Kerberos V
* sys-auth/pam_pwdfile
Available versions: ~0.99
Installed: none
Homepage: http://cpbotha.net/pam_pwdfile.html
Description: PAM module for authenticating against
passwd-like files.
* sys-auth/pam_require
Available versions: ~0.6
Installed: none
Homepage:
http://www.splitbrain.org/Programming/C/pam_require/
Description: Allows you to require a special group or user
to access a service.
* sys-libs/pam
Available versions: 0.77-r6 ~0.77-r8 0.78-r2 0.78-r3
Installed: none
Homepage: http://www.kernel.org/pub/linux/libs/pam/
Description: Based on the multilib eclass
equery hasuse pam
[ Searching for USE flag pam in all categories among: ]
* installed packages
[I--] [ ] app-admin/sudo-1.6.8_p9-r2 (0)
[I--] [ ] app-misc/mc-4.6.0-r14 (0)
[I--] [ ] app-misc/screen-4.0.2-r4 (0)
[I--] [ ] dev-libs/cyrus-sasl-2.1.20 (2)
[I--] [ ] dev-util/cvs-1.12.12-r2 (0)
[I--] [ ] gnome-base/gdm-2.8.0.5 (0)
[I--] [ ] net-fs/samba-3.0.20b (0)
[I--] [ ] net-mail/mailbase-1 (0)
[I--] [ ] net-misc/openssh-4.2_p1 (0)
[I--] [ ] net-print/cups-1.1.23-r1 (0)
[I--] [ ] net-proxy/dante-1.1.18 (0)
[I--] [ ] sys-apps/shadow-4.0.7-r4 (0)
[I--] [ ] sys-apps/util-linux-2.12r (0)
[I--] [ ] sys-process/fcron-3.0.0 (0)
[I--] [ ] x11-base/xorg-x11-6.8.99.15-r4 (0)
emerge -pv app-admin/sudo mc cyrus-sasl gdm samba mailbase cups dante
shadow util-linux fcron xorg-x11
These are the packages that I would merge, in order:
Calculating dependencies ...done!
[ebuild R ] app-admin/sudo-1.6.8_p9-r2 +ldap +offensive -pam
(-selinux) -skey 0 kB
[ebuild R ] app-misc/mc-4.6.0-r14 +7zip -X +gpm +ncurses +nls -pam
-samba +slang +unicode 0 kB
[ebuild R ] dev-libs/cyrus-sasl-2.1.20 -authdaemond -berkdb +gdbm
+java -kerberos +ldap -mysql -pam -postgres +ssl -static 1,733 kB
[ebuild R ] gnome-base/gdm-2.8.0.5 -debug -ipv6 -pam (-selinux)
+tcpd -xinerama 0 kB
[ebuild R ] net-fs/samba-3.0.20b -acl +async +automount +cups -doc
-examples -kerberos +ldap -ldapsam +libclamav -mysql +oav -pam -postgres
+python -quotas +readline (-selinux) -swat -syslog -winbind +xml +xml2 16 kB
[ebuild R ] net-mail/mailbase-1 -pam 0 kB
[ebuild R ] net-print/cups-1.1.23-r1 +nls -pam +samba -slp +ssl
8,501 kB
[ebuild R ] net-proxy/dante-1.1.18 -debug -pam (-selinux) +tcpd 0 kB
[ebuild R ] sys-apps/shadow-4.0.7-r4 +nls -nousuid -pam (-selinux)
-skey 0 kB
[ebuild R ] sys-apps/util-linux-2.12r +crypt +nls -old-crypt -pam
+perl (-selinux) -static 0 kB
[ebuild R ] sys-process/fcron-3.0.0 -debug +doc -pam (-selinux) 0 kB
[ebuild R ] x11-base/xorg-x11-6.8.99.15-r4 -3dfx +bitmap-fonts -cjk
-debug -doc +font-server +insecure-drivers -ipv6 -minimal +nls -nocxx
+opengl -pam -sdk -static +truetype-fonts +type1-fonts (-uclibc) +xprint
+xv 0 kB
Total size of downloads: 10,251 kB
As you see, all the relevant programs that *can* use PAM (which is
*optional*) do *not* do so on my system. I do not need PAM
authentication, and I do not use PAM authentication. As far as I know,
my system runs fine (or at least has no PAM-related issues).
What more is there to say?
Holly
* Re: [gentoo-user] root password gremlin
2005-11-20 13:40 ` Alexander Skwar
@ 2005-11-20 13:47 ` Arturo 'Buanzo' Busleiman
0 siblings, 0 replies; 53+ messages in thread
From: Arturo 'Buanzo' Busleiman @ 2005-11-20 13:47 UTC (permalink / raw
To: gentoo-user
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Alexander Skwar wrote:
> You don't need PAM to access /etc/shadow. There
> are different ways.
That's why PAM can be skipped. I know that. Please tell me about the alternatives, as I'm obviously
missing important information here.
- --
Arturo "Buanzo" Busleiman - www.buanzo.com.ar
IT Security Consultant / Dominio Digital TV - Da FOSS man!
KTP Consultores - info AT ktpconsultores.com.ar
Breaking a security system brings them as close to being hackers as
hot-wiring cars turns them into automotive engineers.
* Re: [gentoo-user] regarding PAM [WAS: root password gremlin]
2005-11-20 13:38 ` Alexander Skwar
@ 2005-11-20 13:49 ` Arturo 'Buanzo' Busleiman
2005-11-20 14:51 ` Alexander Skwar
2005-11-20 15:24 ` Hemmann, Volker Armin
0 siblings, 2 replies; 53+ messages in thread
From: Arturo 'Buanzo' Busleiman @ 2005-11-20 13:49 UTC (permalink / raw
To: gentoo-user
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Alexander Skwar wrote:
> Optional things aren't standard. They are
> optional. PAM is optional. You don't need
> it - at least not for basic setups.
It is NOW optional. I'm sure this will change, that's why I recommend to try it now that there is
time to still enhance it LOTS.
* Re: [gentoo-user] root password gremlin
2005-11-20 13:46 ` Holly Bostick
@ 2005-11-20 13:53 ` Arturo 'Buanzo' Busleiman
2005-11-20 14:36 ` Holly Bostick
2005-11-21 22:14 ` Abhay Kedia
1 sibling, 1 reply; 53+ messages in thread
From: Arturo 'Buanzo' Busleiman @ 2005-11-20 13:53 UTC (permalink / raw
To: gentoo-user
Holly Bostick wrote:
> As you see, all the relevant programs that *can* use PAM (which is
> *optional*) do *not* do so on my system. I do not need PAM
> authentication, and I do not use PAM authentication. As far as I know,
> my system runs fine (or at least has no PAM-related issues).
I never said PAM was needed :P - I'm defending its usage. :)
* Re: [gentoo-user] root password gremlin
2005-11-20 13:53 ` Arturo 'Buanzo' Busleiman
@ 2005-11-20 14:36 ` Holly Bostick
2005-11-20 14:44 ` Arturo 'Buanzo' Busleiman
0 siblings, 1 reply; 53+ messages in thread
From: Holly Bostick @ 2005-11-20 14:36 UTC (permalink / raw
To: gentoo-user
Arturo 'Buanzo' Busleiman wrote:
> Holly Bostick wrote:
>
>>> As you see, all the relevant programs that *can* use PAM (which
>>> is *optional*) do *not* do so on my system. I do not need PAM
>>> authentication, and I do not use PAM authentication. As far as I
>>> know, my system runs fine (or at least has no PAM-related
>>> issues).
>
>
> I never said PAM was needed :P - I'm defending its usage. :)
>
Well, defend it, then :-). Why should I-- who has further had (very) bad
experiences with the use of PAM, give it another try, when my system
clearly runs without it, which suggests I have no need for it?
What overwhelming benefit can I gain, that will offset my previous bad
experience and make what I (because of the bad experience) must consider
a risk to my system worthwhile?
Holly
* Re: [gentoo-user] root password gremlin
2005-11-20 14:36 ` Holly Bostick
@ 2005-11-20 14:44 ` Arturo 'Buanzo' Busleiman
2005-11-20 18:07 ` kashani
0 siblings, 1 reply; 53+ messages in thread
From: Arturo 'Buanzo' Busleiman @ 2005-11-20 14:44 UTC (permalink / raw
To: gentoo-user
Holly Bostick wrote:
> Well, defend it, then :-).
:)
> Why should I-- who has further had (very) bad
> experiences with the use of PAM, give it another try, when my system
> clearly runs without it, which suggests I have no need for it?
I'd like to know why. I'm very interested in what your problems were, really.
> What overwhelming benefit can I gain, that will offset my previous bad
> experience and make what I (because of the bad experience) must consider
> a risk to my system worthwhile?
The first impression is the one that counts. You will probably never change your mind, and I fully
and sincerely understand/comprehend you.
* Re: [gentoo-user] regarding PAM [WAS: root password gremlin]
2005-11-20 13:49 ` Arturo 'Buanzo' Busleiman
@ 2005-11-20 14:51 ` Alexander Skwar
2005-11-20 14:59 ` Arturo 'Buanzo' Busleiman
2005-11-20 15:24 ` Hemmann, Volker Armin
1 sibling, 1 reply; 53+ messages in thread
From: Alexander Skwar @ 2005-11-20 14:51 UTC (permalink / raw
To: gentoo-user
Arturo 'Buanzo' Busleiman wrote:
> Alexander Skwar wrote:
>> Optional things aren't standard. They are
>> optional. PAM is optional. You don't need
>> it - at least not for basic setups.
>
> It is NOW optional. I'm sure this will change,
Well, I'm sure it won't. On low end embedded systems,
you just don't need it. And when discussing base
requirements, it should be made sure that even
the low end is still supported.
Also on normally sized systems, there just is no
requirement for it - as long as the requirements
are simple enough (eg. LDAP? Go PAM! Database? Go
PAM!). But on consumer systems, and that's what
we're talking about!, you won't need PAM. Not
now, not in the future.
Alexander Skwar
* Re: [gentoo-user] regarding PAM [WAS: root password gremlin]
2005-11-20 14:51 ` Alexander Skwar
@ 2005-11-20 14:59 ` Arturo 'Buanzo' Busleiman
0 siblings, 0 replies; 53+ messages in thread
From: Arturo 'Buanzo' Busleiman @ 2005-11-20 14:59 UTC (permalink / raw
To: gentoo-user
Alexander Skwar wrote:
> Also on normally sized systems, there just is no
> requirement for it - as long as the requirements
> are simple enough (eg. LDAP? Go PAM! Database? Go
> PAM!). But on consumer systems, and that's what
> we're talking about!, you won't need PAM. Not
> now, not in the future.
Let's settle this here, then. We've both provided enough arguments, both pro and against our points
of view :)
Nice discussion, anyway!
* Re: [gentoo-user] regarding PAM [WAS: root password gremlin]
2005-11-20 13:49 ` Arturo 'Buanzo' Busleiman
2005-11-20 14:51 ` Alexander Skwar
@ 2005-11-20 15:24 ` Hemmann, Volker Armin
2005-11-20 17:50 ` Jerry McBride
1 sibling, 1 reply; 53+ messages in thread
From: Hemmann, Volker Armin @ 2005-11-20 15:24 UTC (permalink / raw
To: gentoo-user
On Sunday 20 November 2005 14:49, Arturo 'Buanzo' Busleiman wrote:
> Alexander Skwar wrote:
> > Optional things aren't standard. They are
> > optional. PAM is optional. You don't need
> > it - at least not for basic setups.
>
> It is NOW optional. I'm sure this will change, that's why I recommend to
> try it now that there is time to still enhance it LOTS.
>
well,
pam is buggy (ever logged out because of a X crash and not able to play any
sounds anymore? That was pam)
pam has a long history of security problems
pam is not easy to configure and error prone.
every added layer adds to the risks.
All that I read said, that pam was a temporary solution some years ago - and
that the chances are big that it will fade into obscurity in the next ones.
For single-user setups it is as needed as a wart.
I am angry with myself, that I installed it, without thinking.
Learning? Where? And why? Most setups don't need it. And the ones that need
some more complex authentication, can get it in other ways.
* Re: [gentoo-user] regarding PAM [WAS: root password gremlin]
2005-11-20 15:24 ` Hemmann, Volker Armin
@ 2005-11-20 17:50 ` Jerry McBride
0 siblings, 0 replies; 53+ messages in thread
From: Jerry McBride @ 2005-11-20 17:50 UTC (permalink / raw
To: gentoo-user
On Sunday 20 November 2005 15:24, Hemmann, Volker Armin wrote:
> On Sunday 20 November 2005 14:49, Arturo 'Buanzo' Busleiman wrote:
> > Alexander Skwar wrote:
> > > Optional things aren't standard. They are
> > > optional. PAM is optional. You don't need
> > > it - at least not for basic setups.
> >
> > It is NOW optional. I'm sure this will change, that's why I recommend to
> > try it now that there is time to still enhance it LOTS.
>
> well,
> pam is buggy (ever logged out because of a X crash and not able to play any
> sounds anymore? That was pam)
> pam has a long history of security problems
> pam is not easy to configure and error prone.
> every added layer adds to the risks.
>
> All that I read said, that pam was a temporary solution some years ago -
> and that the chances are big that it will fade into obscurity in the next
> ones.
>
> For single-user setups it is as needed as a wart.
>
Bingo... I manage a herd of laptops... well... I'm down from 100 to 22... but
PAM isn't on a single one of them and life hasn't been happier.
:')
> I am angry with myself, that I installed it, without thinking.
> Learning? Where? And why? Most setups don't need it. And the ones that need
> some more complex authentication, can get it in other ways.
--
******************************************************************************
Registered Linux User Number 185956
FSF Associate Member number 2340 since 05/20/2004
Join me in chat at #linux-users on irc.freenode.net
Buy an Xbox for $149.00, run linux on it and Microsoft loses $150.00!
12:51pm up 63 days, 4:16, 3 users, load average: 3.12, 3.06, 3.01
* Re: [gentoo-user] root password gremlin
2005-11-20 14:44 ` Arturo 'Buanzo' Busleiman
@ 2005-11-20 18:07 ` kashani
0 siblings, 0 replies; 53+ messages in thread
From: kashani @ 2005-11-20 18:07 UTC (permalink / raw
To: gentoo-user
Arturo 'Buanzo' Busleiman wrote:
> Holly Bostick wrote:
>>Why should I-- who has further had (very) bad
>>experiences with the use of PAM, give it another try, when my system
>>clearly runs without it, which suggests I have no need for it?
>
> I'd like to know why. I'm very interested in what your problems were, really.
Do a search on the forums for problems with pam. Read the resulting
fifty odd threads.
kashani
* Re: [gentoo-user] root password gremlin
2005-11-20 13:46 ` Holly Bostick
2005-11-20 13:53 ` Arturo 'Buanzo' Busleiman
@ 2005-11-21 22:14 ` Abhay Kedia
2005-11-21 22:53 ` Holly Bostick
1 sibling, 1 reply; 53+ messages in thread
From: Abhay Kedia @ 2005-11-21 22:14 UTC (permalink / raw
To: gentoo-user
On Sunday 20 Nov 2005 7:16 pm, Holly Bostick wrote:
> equery hasuse pam
Wow!!! I performed that thing on my system and the stupid PAM is everywhere (I
am scared as shit after reading this thread). What would be the easiest way
to get rid of PAM from a single user desktop system working smoothly?
Would a -pam in make.conf and emerge -uDN world suffice?
Abhay
* Re: [gentoo-user] root password gremlin
2005-11-21 22:14 ` Abhay Kedia
@ 2005-11-21 22:53 ` Holly Bostick
2005-11-22 12:58 ` Abhay Kedia
0 siblings, 1 reply; 53+ messages in thread
From: Holly Bostick @ 2005-11-21 22:53 UTC (permalink / raw
To: gentoo-user
Abhay Kedia wrote:
> On Sunday 20 Nov 2005 7:16 pm, Holly Bostick wrote:
>
>> equery hasuse pam
>
>
> Wow!!! I performed that thing on my system and the stupid PAM is
> everywhere (I am scared as shit after reading this thread). What
> would be the easiest way to get rid of PAM from a single user desktop
> system working smoothly? Would a -pam in make.conf and emerge -uDN
> world suffice?
>
> Abhay
Just because you have a lot of packages installed that have the "pam" USE
flag doesn't mean that much-- is the flag actually enabled for those
packages?
If so, and your system is not having any issues, I wouldn't necessarily
become hysterical just yet.
But if you really are concerned, and want to remove it, you might
consider the following wiki entry, and then think about it before making
a decision:
http://www.gentoo-wiki.com/HOWTO_Remove_PAM
HTH,
Holly
* Re: [gentoo-user] root password gremlin
2005-11-21 22:53 ` Holly Bostick
@ 2005-11-22 12:58 ` Abhay Kedia
0 siblings, 0 replies; 53+ messages in thread
From: Abhay Kedia @ 2005-11-22 12:58 UTC (permalink / raw
To: gentoo-user
On Tuesday 22 Nov 2005 4:23 am, Holly Bostick wrote:
> Just because you have a lot of packages installed that have the "pam" USE
> flag doesn't mean that much-- is the flag actually enabled for those
> packages?
>
> If so, and your system is not having any issues, I wouldn't necessarily
> become hysterical just yet.
>
I did an emerge -pv for all those packages and it looks like all of them are
actually using PAM. What I am thinking now is to mask any accidental update
of PAM in package.mask and hope that it doesn't get messed up
"just_like_that".
Thanks for the help.
Abhay
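The distinction raised in the last two messages, a package that merely offers the "pam" USE flag versus one actually built with it, can be read straight from Portage's installed-package database. The script below is an added example, not part of any message in the thread; it assumes the usual /var/db/pkg layout with per-package IUSE and USE files, and the sample package versions and flag sets are constructed.

```shell
#!/bin/sh
# Added example: for each installed package that offers the "pam" USE flag,
# report whether it was actually built with the flag enabled.
# Assumed layout (Portage installed-package database):
#   <vdb>/<category>/<package-version>/IUSE  flags the package offers
#   <vdb>/<category>/<package-version>/USE   flags active when it was built

# has_flag FILE FLAG: succeed if FLAG appears in FILE as a whole word.
# A leading "+" or "-" default marker on a word is ignored.
has_flag() {
    [ -r "$1" ] || return 1
    tr -s ' \t' '\n\n' < "$1" | sed 's/^[+-]//' | grep -qx -- "$2"
}

# pam_use_report [VDB]: print "category/package-version enabled|disabled".
pam_use_report() {
    vdb=${1:-/var/db/pkg}
    for dir in "$vdb"/*/*/; do
        [ -d "$dir" ] || continue
        has_flag "${dir}IUSE" pam || continue   # flag not offered: skip
        pkg=${dir#"$vdb"/}
        pkg=${pkg%/}
        if has_flag "${dir}USE" pam; then
            echo "$pkg enabled"
        else
            echo "$pkg disabled"
        fi
    done | LC_ALL=C sort
}

# make_sample_vdb DIR: build a small constructed database for the demo.
# Package versions and flag sets here are made up, not taken from the thread.
make_sample_vdb() {
    mkdir -p "$1/sys-apps/shadow-1.0" "$1/net-misc/openssh-1.0" \
             "$1/app-editors/nano-1.0" "$1/mail-client/example-1.0"
    echo "nls pam selinux" > "$1/sys-apps/shadow-1.0/IUSE"
    echo "nls pam x86"     > "$1/sys-apps/shadow-1.0/USE"
    echo "ldap +pam"       > "$1/net-misc/openssh-1.0/IUSE"
    echo "ldap x86"        > "$1/net-misc/openssh-1.0/USE"
    echo "nls"             > "$1/app-editors/nano-1.0/IUSE"
    echo "nls x86"         > "$1/app-editors/nano-1.0/USE"
    echo "spam"            > "$1/mail-client/example-1.0/IUSE"   # not "pam"
    echo "spam x86"        > "$1/mail-client/example-1.0/USE"
}

sample=$(mktemp -d)
make_sample_vdb "$sample"
pam_use_report "$sample"
rm -rf "$sample"
```

On a Gentoo system, calling `pam_use_report` with no argument reads /var/db/pkg; packages reported as "enabled" are the ones that would be rebuilt if the flag were turned off.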