From: Holly Bostick <motub@planet.nl>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] root password gremlin
Date: Sat, 19 Nov 2005 13:07:59 +0100 [thread overview]
Message-ID: <437F159F.6020004@planet.nl> (raw)
In-Reply-To: <437EC8BB.2040507@mid.email-server.info>
Alexander Skwar schreef:
> Patrick McLean schrieb:
>
>
>> Running a system withoug pam is a rather strange thing to do on a
>> modern Linux system, and I can think of very few reasons to do it.
>
>
> What do you need PAM for, when there's basically just one (human)
> user on the system and the system acts as a "consumer" (ie. no
> servers)? Why add the complexity of PAM? Where's the gain - in *THAT*
> scenario?
>
What I found even worse than the irrelevancy of PAM in that situation
(which is mine), was what Walter Dnes mentioned:
> "everything you know is wrong" when it comes to config files all over
> the place. You end up using entirely several different config files
> to control access.
When PAM broke for me (as it did for so many others) during the Great
PAM Debacle of a year or two ago, I was *shocked* to discover that I
knew nothing at all about PAM configuration, and couldn't figure out
anything about PAM configuration--despite having used Gentoo for a
couple of years already and having figured out plenty of things that I
had previously known nothing about.
I was forced to stand by and watch as my authentication protocols
progressively broke-- first GUI su (programs that pop up a dialog to
give root privileges), then my DE login, then my console login. What
distressed me the most-- even more than "having to" install another
distro in order to ultimately do an alternative reinstall-- was that it
was clear that PAM was mission-critical.... yet the first I ever heard
of/dealt with it was when it broke. That seemed so un-Gentoo-like to me
that I totally lost my bearings about the whole issue.
By the time I got back from my dalliance with SuSE, people had figured
out how to run a PAM-free system, ebuilds that had previously depended
on PAM now had PAM optional and I was free to put -pam in my USE flags
and hope to have a working system. Which I did, and do.
I'm sure that PAM has a function, and that function is important for
those who need a lot of authentication protocols to be passed to their
machine (as in the case of servers that need to be protected). But for
the average Jill or Joe like me, who runs no servers and doesn't have to
ever do things like ssh into my machine (because I'm sitting right
here), I think it's overkill.... and in this case, rather dangerous
overkill, because if this unnecessary set of protocols ever does break
(again), the average Jill or Joe is quite up the creek without a paddle.
Holly
--
gentoo-user@gentoo.org mailing list
next prev parent reply other threads:[~2005-11-19 12:14 UTC|newest]
Thread overview: 53+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-11-17 19:17 [gentoo-user] root password gremlin ÿffffc1lvaro Castro
2005-11-17 19:22 ` Michael Sullivan
2005-11-17 19:37 ` ÿffffc1lvaro Castro
2005-11-17 19:37 ` Michael Kjorling
2005-11-17 19:44 ` Arturo 'Buanzo' Busleiman
2005-11-17 20:33 ` ÿffffc1lvaro Castro
2005-11-17 20:50 ` Arturo 'Buanzo' Busleiman
2005-11-17 21:58 ` ÿffffc1lvaro Castro
2005-11-17 22:04 ` Arturo 'Buanzo' Busleiman
2005-11-17 22:44 ` Neil Bothwick
2005-11-19 5:44 ` Walter Dnes
2005-11-17 23:11 ` Willie Wong
2005-11-19 5:45 ` Walter Dnes
2005-11-19 5:57 ` Patrick McLean
2005-11-19 6:39 ` Alexander Skwar
2005-11-19 12:07 ` Holly Bostick [this message]
2005-11-19 12:51 ` John Jolet
2005-11-20 5:57 ` Walter Dnes
2005-11-20 11:15 ` Alexander Skwar
2005-11-19 15:10 ` Arturo 'Buanzo' Busleiman
2005-11-19 17:50 ` abhay
2005-11-20 0:48 ` Arturo 'Buanzo' Busleiman
2005-11-20 1:43 ` Holly Bostick
2005-11-20 11:38 ` Arturo 'Buanzo' Busleiman
2005-11-20 11:32 ` Alexander Skwar
2005-11-20 11:46 ` Arturo 'Buanzo' Busleiman
2005-11-20 12:54 ` Alexander Skwar
2005-11-20 13:00 ` Arturo 'Buanzo' Busleiman
2005-11-20 13:13 ` Alexander Skwar
2005-11-20 13:26 ` Arturo 'Buanzo' Busleiman
2005-11-20 13:40 ` Alexander Skwar
2005-11-20 13:47 ` Arturo 'Buanzo' Busleiman
2005-11-20 13:46 ` Holly Bostick
2005-11-20 13:53 ` Arturo 'Buanzo' Busleiman
2005-11-20 14:36 ` Holly Bostick
2005-11-20 14:44 ` Arturo 'Buanzo' Busleiman
2005-11-20 18:07 ` kashani
2005-11-21 22:14 ` Abhay Kedia
2005-11-21 22:53 ` Holly Bostick
2005-11-22 12:58 ` Abhay Kedia
2005-11-20 13:00 ` [gentoo-user] regarding PAM [WAS: root password gremlin] Arturo 'Buanzo' Busleiman
2005-11-20 13:14 ` Alexander Skwar
2005-11-20 13:24 ` Arturo 'Buanzo' Busleiman
2005-11-20 13:38 ` Alexander Skwar
2005-11-20 13:49 ` Arturo 'Buanzo' Busleiman
2005-11-20 14:51 ` Alexander Skwar
2005-11-20 14:59 ` Arturo 'Buanzo' Busleiman
2005-11-20 15:24 ` Hemmann, Volker Armin
2005-11-20 17:50 ` Jerry McBride
2005-11-20 5:58 ` [gentoo-user] root password gremlin Walter Dnes
2005-11-20 11:27 ` Alexander Skwar
2005-11-20 12:04 ` [gentoo-user] " Francesco Talamona
2005-11-20 12:57 ` Alexander Skwar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=437F159F.6020004@planet.nl \
--to=motub@planet.nl \
--cc=gentoo-user@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox