From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Walter Dnes"
Date: Sun, 20 Dec 2020 23:34:22 -0500
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] [SOLVED] How do I remove pam during/after an install.

On Sat, Dec 19, 2020 at 09:19:33PM -0500, John Covici wrote
> OK, pardon my ignorance, what is wrong with pam? Aside from the fact
> that when you change versions you have to reboot or restart just about
> everything.

It's obscure/different. That's important, because if you need to tweak a regular config file or fix something broken, the first reaction is to "ask Mr. Google". And you'll almost always get the non-pam answer. In my early days with Gentoo I left the default at pam. But I soon got sick and tired of "implementing configs" I found on Google, only to find they didn't work. The URL I pointed to gives one such example, sudoers. So I simply switched away from pam.

pam is one example of the corporate take-over of linux. According to https://subscription.packtpub.com/book/networking_and_servers/9781904811329/1/ch01lvl1sec06/history-of-pam pam was released in 1997, by Sun Microsystems, who were a big player in the corporate Unix space at that time. The rationale... it scales better...

https://subscription.packtpub.com/book/networking_and_servers/9781904811329/1/ch01lvl1sec08/need-for-pam

> Furthermore, the password file does not scale. It might work with
> 100 users, but working with 5000 users is a completely different
> story. PAM can easily scale to tens of thousands depending on the
> chosen back end; changing the back end user database, for example,
> from a flat file to an LDAP server will be painful if you are not
> using PAM.

I've got 3 users on my machine; root; me; and a general-screwing-around-and-testing user. All of them are actually me. pam assumes that some of the 5,000 users at corporate HQ are malicious actors, trying to break into other users' accounts. Ditto for systemd. I've got a NAT-ing router and a "Paranoia Plus" iptables ruleset. So far, that's been sufficient for me.

And don't get me started on the corporatization of IPV6.

-- 
Walter Dnes
I don't run "desktop environments"; I run useful applications