From owner-freebsd-stable Sat Oct 5 9:19:40 2002 Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DA9D337B401 for ; Sat, 5 Oct 2002 09:19:38 -0700 (PDT) Received: from maul.immure.com (ns.immure.com [207.8.42.72]) by mx1.FreeBSD.org (Postfix) with ESMTP id 810C843E6A for ; Sat, 5 Oct 2002 09:19:37 -0700 (PDT) (envelope-from bob@immure.com) Received: (from root@localhost) by maul.immure.com (8.11.5/8.11.2) id g95Fpec35372 for freebsd-stable@freebsd.org; Sat, 5 Oct 2002 10:51:40 -0500 (CDT) (envelope-from bob@immure.com) Received: from luke.immure.com (luke.vieo.com [10.1.132.3]) by maul.immure.com (8.11.5/8.11.2) with ESMTP id g95Fpcm35248; Sat, 5 Oct 2002 10:51:38 -0500 (CDT) (envelope-from bob@immure.com) Received: (from root@localhost) by luke.immure.com (8.12.5/8.12.3) id g95Fpc48010242; Sat, 5 Oct 2002 10:51:38 -0500 (CDT) (envelope-from bob@luke.immure.com) Received: from luke.immure.com (localhost [127.0.0.1]) by luke.immure.com (8.12.5/8.12.3) with ESMTP id g95Fpbed010217; Sat, 5 Oct 2002 10:51:37 -0500 (CDT) (envelope-from bob@luke.immure.com) Received: (from bob@localhost) by luke.immure.com (8.12.5/8.12.5/Submit) id g95FpVas010212; Sat, 5 Oct 2002 10:51:31 -0500 (CDT) Date: Sat, 5 Oct 2002 10:51:31 -0500 From: Bob Willcox To: dmagda@ee.ryerson.ca Cc: Jamie Heckford , freebsd-stable@freebsd.org Subject: Re: sshd_config vs. PAM Message-ID: <20021005155131.GA8769@luke.immure.com> Reply-To: Bob Willcox References: <200209272135.g8RLZ3We005877@arch20m.dellroad.org> <002e01c26873$3d717a50$3264a8c0@BONG> <864rc3f4ks.fsf@number6.magda.ca> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <864rc3f4ks.fsf@number6.magda.ca> User-Agent: Mutt/1.5.1i X-scanner: scanned by Inflex 1.0.12.3 on luke.immure.com X-scanner: scanned by Inflex 0.1.5c+ on maul.immure.com Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG BTW, is there a way to completely disable PAM on a system? IMHO, PAM helps prove my favorite theory that security times usability is a constant. Bob On Thu, Oct 03, 2002 at 08:08:51PM -0400, David Magda wrote: > "Jamie Heckford" writes: > > > I would very much like to see ssh completely detached from PAM, and > > have the PAM ties as an option you have to enable as opposed to it > > being the default. > > I disagree. > > Everything should use PAM by default. It's why it was invented: so > that all authentication goes through one mechanism. If you then want > to add/take away something, you only have to do it in one place. > > If, as a matter of policy/preference, you want to change things > locally there should be a make.conf setting of some kind. > > What other exceptions should be made with regards to PAM? xdm(1) > perhaps? telnetd(8)? > > -- > David Magda > Because the innovator has for enemies all those who have done well under > the old conditions, and lukewarm defenders in those who may do well > under the new. -- Niccolo Machiavelli, _The Prince_, Chapter VI > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-stable" in the body of the message -- Bob Willcox We seem to have forgotten the simple truth that bob@vieo.com reason is never perfect. Only non-sense attains Austin, TX perfection. -- Poul Henningsen [1894-1967] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message