Date: Mon, 28 May 2001 17:47:29 -0700 From: Kris Kennaway <kris@obsecurity.org> To: Peter Jeremy <peter.jeremy@alcatel.com.au> Cc: Mark Murray <mark@grondar.za>, arch@FreeBSD.ORG Subject: Re: PAM, S/Key and authentication schemes. Message-ID: <20010528174728.A39588@xor.obsecurity.org> In-Reply-To: <20010528121804.Q89950@gsmx07.alcatel.com.au>; from peter.jeremy@alcatel.com.au on Mon, May 28, 2001 at 12:18:05PM %2B1000 References: <200105251240.f4PCeO612402@gratis.grondar.za> <20010528121804.Q89950@gsmx07.alcatel.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
--WIyZ46R2i8wDzkSu Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, May 28, 2001 at 12:18:05PM +1000, Peter Jeremy wrote: > On 2001-May-25 14:42:40 +0200, Mark Murray <mark@grondar.za> wrote: > >I'd like to properly PAM-ize the things that need it, and simplify > >where possible and where appropriate. In most cases, this means > >gutting out the convoluted logic if favour of pam _only_. >=20 > Sounds good. >=20 > The only danger area I can see is the need to check root password to > get to single-user if the console is not secure. This needs to work > even if (and especially when) the system is hosed. I wouldn't like to > see init become dependent on the dynamic loader and various PAM > libraries in this case. We also compile all of the PAM modules included in the base system into a static libpam which allows statically-linked binaries to work, up to a point (they won't work if the system administrator tries to use a third-party PAM module) Kris --WIyZ46R2i8wDzkSu Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.5 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE7EvGfWry0BWjoQKURAlXgAKCWwtp7fejPKr9Fo3oO9UeMQ5AxXQCg6pkb xXLilEj7eGZJ9RkLmfyrMG0= =qs4k -----END PGP SIGNATURE----- --WIyZ46R2i8wDzkSu-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010528174728.A39588>