Date: Tue, 29 May 2001 08:04:27 +0200 From: Mark Murray <mark@grondar.za> To: Kris Kennaway <kris@obsecurity.org> Cc: arch@FreeBSD.ORG Subject: Re: PAM, S/Key and authentication schemes. Message-ID: <200105290602.f4T62A654885@gratis.grondar.za> In-Reply-To: <20010528174728.A39588@xor.obsecurity.org> ; from Kris Kennaway <kris@obsecurity.org> "Mon, 28 May 2001 17:47:29 MST." References: <20010528174728.A39588@xor.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> > The only danger area I can see is the need to check root password to > > get to single-user if the console is not secure. This needs to work > > even if (and especially when) the system is hosed. I wouldn't like to > > see init become dependent on the dynamic loader and various PAM > > libraries in this case. > > We also compile all of the PAM modules included in the base system > into a static libpam which allows statically-linked binaries to work, > up to a point (they won't work if the system administrator tries to > use a third-party PAM module) I'll stay out of the static stuff as long as I can for exactly this reason. Init(8) will be especially left alone. :-) M -- Mark Murray Warning: this .sig is umop ap!sdn To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200105290602.f4T62A654885>