Date: Sat, 23 Oct 1999 04:31:28 -0400 (EDT) From: Mike Nowlin <mike@argos.org> To: Robert Watson <robert+freebsd@cyrus.watson.org> Cc: security@FreeBSD.ORG Subject: Re: Kerberos integration into ports--in particular, SSH Message-ID: <Pine.LNX.4.05.9910230426550.18308-100000@jason.argos.org> In-Reply-To: <Pine.BSF.3.96.991021104015.47188E-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> It looks like many ports still don't use PAM for authentication. This is
> not something I have time to address, it's just a comment that it would be
> nice if now that we have PAM, things used PAM :-). Also, it's a little
> funky to have an /etc/auth.conf and a /etc/pam.conf -- auth.conf seems
> only to affect su?
It seems that a lot of the system still doesn't use PAM for auth... A
quick grep of ftpd (a recent pamifying project) returns:
twikki:/usr/src/libexec/ftpd$ grep -i pam *
Makefile:.PATH: ${.CURDIR}/../../lib/libpam/modules/pam_kerberosIV
We developed some changes to ftpd to support PAM (haven't submitted them
yet -- a couple of quirks to work out), but I'm sure a lot of the system
doesn't handle it yet.
Is there a doc somewhere which gets into this, or does one need to be
written? We're trying to handle security through a PAM/(PostgreSQL|MySQL)
interface as much as possible, so we're willing to do a bit of fixing if
necessary.
--mike
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.05.9910230426550.18308-100000>