From owner-freebsd-stable Mon Oct 7 17:20: 3 2002 Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B74E237B401 for ; Mon, 7 Oct 2002 17:20:00 -0700 (PDT) Received: from obsecurity.dyndns.org (adsl-64-165-226-88.dsl.lsan03.pacbell.net [64.165.226.88]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1A9D343E65 for ; Mon, 7 Oct 2002 17:20:00 -0700 (PDT) (envelope-from kris@obsecurity.org) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id 09ABF66C7B; Mon, 7 Oct 2002 16:56:25 -0700 (PDT) Date: Mon, 7 Oct 2002 16:56:24 -0700 From: Kris Kennaway To: Bob Willcox Cc: Kris Kennaway , Samuel Chow , dmagda@ee.ryerson.ca, Jamie Heckford , freebsd-stable@freebsd.org Subject: Re: sshd_config vs. PAM Message-ID: <20021007235624.GB32177@xor.obsecurity.org> References: <200209272135.g8RLZ3We005877@arch20m.dellroad.org> <002e01c26873$3d717a50$3264a8c0@BONG> <864rc3f4ks.fsf@number6.magda.ca> <20021005155131.GA8769@luke.immure.com> <01c201c26e54$f00f54c0$9284412f@SAMCHOW2> <20021007232051.GA31301@xor.obsecurity.org> <20021007234248.GH29829@luke.immure.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="pf9I7BMVVzbSWLtt" Content-Disposition: inline In-Reply-To: <20021007234248.GH29829@luke.immure.com> User-Agent: Mutt/1.4i Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG --pf9I7BMVVzbSWLtt Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Oct 07, 2002 at 06:42:48PM -0500, Bob Willcox wrote: > On Mon, Oct 07, 2002 at 04:20:51PM -0700, Kris Kennaway wrote: > > On Mon, Oct 07, 2002 at 04:57:39PM -0600, Samuel Chow wrote: > > >=20 > > >=20 > > > > BTW, is there a way to completely disable PAM on a system? > > >=20 > > > I was looking at it a couple months back. There is > > > the NOPAM compiler flag. Unfortunately, telnet and=20 > > > ssh does not obey it. I have some untested patch > > > at home before I got too busy with other non-FreeBSD > > > things. > >=20 > > PAM is considered to be an integral part of the system thesedays; as > > such there's no support for compiling without it. >=20 > Too bad. I find it to be rather painful to understand and configure, and > overkill for most of uses. Well, the point is that the default configuration is supposed to be exactly equivalent to the old non-PAM behaviour, so you shouldn't have to touch *anything* unless you want to change this behaviour (which would have required code changes in the non-PAM case). Kris --pf9I7BMVVzbSWLtt Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) iD8DBQE9oh8oWry0BWjoQKURAlzEAJwPBQlVpYJIbS0RuJHbomSeUvzx3QCglFSV TY19p9FpgFmdEc0Jg1d8WD4= =KNXb -----END PGP SIGNATURE----- --pf9I7BMVVzbSWLtt-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message