Gentoo Archives: gentoo-user

From: Walter Dnes <waltdnes@××××××××.org>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] Portage weirdness...
Date: Mon, 26 Jun 2006 04:34:25
Message-Id: 20060626043004.GA7351@waltdnes.org
In Reply to: Re: [gentoo-user] Portage weirdness... by Teresa and Dale
On Sun, Jun 25, 2006 at 08:21:10PM -0500, Teresa and Dale wrote
> Walter Dnes wrote:
>
> > I did that quite some time ago... back when I dumped PAM entirely<g>.
>
> How's that work? What do you use for login and such?

Just like everybody else is doing now, I unmerged pam-login and
emerged shadow. shadow has always been able to handle logins on its
own. I also set "-pam" in USE, and emerged deep and newuse to rebuild
all the apps that had built with linkages to pam libs. For good
measure, I manually masked out pam libs back then.

> Is it more secure or just different?

Running without pam is arguably slightly less secure... if you're
running a server that has multiple users logging in to the shell. For a
home user like me who is the only person logging on to their machine,
pam is major overkill. I personally feel that pam should be an option
in the same way as NSA SELinux. It's more secure, but it's also more
work.

And, yes, running without pam is different. I had used linux for 4
years (Redhat, Debian, and CRUX) before switching to Gentoo, and had
never used pam. I ran into a lot of situations with services... "You
set up the access permissions in *WHAT* file?", at times bordering on
the Firesign Theatre album title "Everything You Know Is Wrong".

I was used to running without pam, and running with pam was an extra
learning curve, on top of the Gentoo learning curve. If you're
comfortable with pam, by all means stay with it. You'd probably have to
re-learn how to configure your services to dump pam, just like I had to
re-learn how to configure my services to use pam. Whatever you're
comfortable with.

--
Walter Dnes <waltdnes@××××××××.org> In linux /sbin/init is Job #1
My musings on technology and security at http://tech_sec.blog.ca