Gentoo Archives: gentoo-user

From: Mark David Dumlao <madumlao@×××××.com>
To: gentoo-user@l.g.o
Subject: [gentoo-user] pam_permit on optional by default on pambase-20101024, but documentation says very dangerous
Date: Wed, 08 Dec 2010 02:55:48
1 Hi.
2 I'm usually slow at updating my gentoo machine, and I think I was
3 behind by about a month from last update. Anyways, I noticed that the
4 recent pambase-20101024 has pam_permit optional on for auth, account
5 and password in /etc/pam.d/system-auth.
7 That didn't sound real neat, so Iooked it up in the manual and it says
8 "very dangerous, use with extreme caution."
10 Following their advice, I look up pam_permit and try to understand why
11 anyone would put it on by default, but the google hits I get on
12 pam_permit are very terse.
14 What does pam_permit do when set to optional for auth, account,
15 password and session? Clearly I don't want my pam to start letting in
16 everybody, but I doubt the gentoo team would either, so maybe I'm just
17 misunderstanding.
19 In the meantime I didn't allow it in.
20 --
21 This email is:    [ ] actionable   [ ] fyi        [x] social
22 Response needed:  [ ] yes          [x] up to you  [ ] no
23 Time-sensitive:   [ ] immediate    [ ] soon       [x] none