public inbox for gentoo-user@lists.gentoo.org
From: "Walter Dnes" <waltdnes@waltdnes.org>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] [SOLVED] How do I remove pam during/after an install.
Date: Sun, 20 Dec 2020 23:34:22 -0500
Message-ID: <X+AlztZoLlMJes0C@waltdnes.org>
In-Reply-To: <m3zh29w762.wl-covici@ccs.covici.com>

On Sat, Dec 19, 2020 at 09:19:33PM -0500, John Covici wrote

> OK, pardon my ignorance, what is wrong with pam?  Aside from the fact
> that when you change versions you have to reboot or restart just about
> everything.

  It's obscure/different.  That's important, because if you need to
tweak a regular config file or fix something broken, the first reaction
is to "ask Mr. Google".  And you'll almost always get the non-pam
answer.  In my early days with Gentoo I left the default at pam.  But I
soon got sick and tired of "implementing configs" I found on Google,
only to find they didn't work.  The URL I pointed to gives one such
example, sudoers.  So I simply switched away from pam.

  pam is one example of the corporate take-over of linux.  According to
https://subscription.packtpub.com/book/networking_and_servers/9781904811329/1/ch01lvl1sec06/history-of-pam
pam was released in 1997, by Sun Microsystems, who were a big player in
the corporate Unix space at that time.  The rationale... it scales
better... https://subscription.packtpub.com/book/networking_and_servers/9781904811329/1/ch01lvl1sec08/need-for-pam

> Furthermore, the password file does not scale. It might work with
> 100 users, but working with 5000 users is a completely different
> story. PAM can easily scale to tens of thousands depending on the
> chosen back end; changing the back end user database, for example,
> from a flat file to an LDAP server will be painful if you are not
> using PAM.

  I've got 3 users on my machine; root; me; and a
general-screwing-around-and-testing user.  All of them are actually me.
pam assumes that some of the 5,000 users at corporate HQ are malicious
actors, trying to break into other users' accounts.  Ditto for systemd.
I've got a NAT-ing router and a "Paranoia Plus" iptables ruleset.  So
far, that's been sufficient for me.  And don't get me started on the
corporatization of IPV6.

-- 
Walter Dnes <waltdnes@waltdnes.org>
I don't run "desktop environments"; I run useful applications

