Date: Tue, 04 Aug 1998 21:58:00 -0700 From: Mike Smith <mike@smith.net.au> To: John Polstra <jdp@polstra.com> Cc: Terry Lambert <tlambert@primenet.com>, hackers@FreeBSD.ORG Subject: Re: PAM4FreeBSD Message-ID: <199808050458.VAA00654@antipodes.cdrom.com> In-Reply-To: Your message of "Tue, 04 Aug 1998 17:58:39 PDT." <199808050058.RAA13063@austin.polstra.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> > Be sure and look at BugTraq and the DOE CICE lists for the Solaris > > PAM vulnerabilities before bringing it all the way in (PAM accounts > > for approximately 2/3's of their recent vulnerabilities). > > Will do. Thanks for the tip. ... and if you want my pet peeve about PAM, it's that the modules have to be visible and loadable in to the application that wants to authenticate/admin/etc. The "right" way (IMHO) to deal with this would be to take a clean slice across the PAM API (which is reasonably compact), encapsulate it into a nice simple synchronous stream protocol, and then put all the PAM library into a daemon. Use our authenticated socket technology and Unix-domain sockets to ensure the integrity of the client-server relationship. This would allow lots of programs (eg. passwd, xlockmore) to be installed non-setuid root, since they only ever authenticate their owner. It would also let you run eg. POP daemons non-setuid-root if they were granted permission to authenticate, etc. Anyway, that's my major gripe about PAM as it stands. That, and the lousy quality of most of the free-source modules out there. 8( -- \\ Sometimes you're ahead, \\ Mike Smith \\ sometimes you're behind. \\ mike@smith.net.au \\ The race is long, and in the \\ msmith@freebsd.org \\ end it's only with yourself. \\ msmith@cdrom.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199808050458.VAA00654>