From owner-freebsd-arch Mon May 28 11:56:23 2001 Delivered-To: freebsd-arch@freebsd.org Received: from gratis.grondar.za (grouter.grondar.za [196.7.18.65]) by hub.freebsd.org (Postfix) with ESMTP id 5CB5C37B422 for ; Mon, 28 May 2001 11:56:18 -0700 (PDT) (envelope-from mark@grondar.za) Received: from grondar.za (gratis.grondar.za [196.7.18.133]) by gratis.grondar.za (8.11.3/8.11.3) with ESMTP id f4SItq649486; Mon, 28 May 2001 20:55:52 +0200 (SAST) (envelope-from mark@grondar.za) Message-Id: <200105281855.f4SItq649486@gratis.grondar.za> To: Peter Jeremy Cc: arch@FreeBSD.ORG Subject: Re: PAM, S/Key and authentication schemes. References: <20010528121804.Q89950@gsmx07.alcatel.com.au> In-Reply-To: <20010528121804.Q89950@gsmx07.alcatel.com.au> ; from Peter Jeremy "Mon, 28 May 2001 12:18:05 +1000." Date: Mon, 28 May 2001 20:58:13 +0200 From: Mark Murray Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > On 2001-May-25 14:42:40 +0200, Mark Murray wrote: > >I'd like to properly PAM-ize the things that need it, and simplify > >where possible and where appropriate. In most cases, this means > >gutting out the convoluted logic if favour of pam _only_. > > Sounds good. > > The only danger area I can see is the need to check root password to > get to single-user if the console is not secure. This needs to work > even if (and especially when) the system is hosed. I wouldn't like to > see init become dependent on the dynamic loader and various PAM > libraries in this case. No problem. init(8) is pretty safe from ever being PAMized. M -- Mark Murray Warning: this .sig is umop ap!sdn To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message