From owner-freebsd-security Fri Feb 14 07:55:03 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id HAA12341 for security-outgoing; Fri, 14 Feb 1997 07:55:03 -0800 (PST)
Received: from labs.usn.blaze.net.au (labs.usn.blaze.net.au [203.17.53.30]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id HAA12332 for ; Fri, 14 Feb 1997 07:54:48 -0800 (PST)
Received: (from davidn@localhost) by labs.usn.blaze.net.au (8.8.5/8.8.5) id CAA19999; Sat, 15 Feb 1997 02:54:32 +1100 (EST)
Message-ID: <19970215025432.32611@usn.blaze.net.au>
Date: Sat, 15 Feb 1997 02:54:32 +1100
From: David Nugent
To: Carl Makin
Cc: security@freebsd.org
Subject: Re: blowfish passwords in FreeBSD
References: <199702140913.KAA25549@bsd.lss.cp.philips.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.61
In-Reply-To: ; from Carl Makin on Feb 02, 1997 at 10:14:38PM
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Feb 02, 1997 at 10:14:38PM, Carl Makin wrote:
> > Further, I think we should not adapt to every new password scheme around.
>
> Along this topic, has anyone looked at Sunsoft's "PAM" (Pluggable
> Authentication Modules). RedHat Linux 4.1 has an implementation.

Yes. See also previous comments.

> PAM looks like it has the possibility of supporting these schemes
> reasonably cheaply.

Not cheaply. In fact, from a browse through the existing PAM
modules it blows it out into featuritis land. Nor does it seem
to scale features to specific users or methods of access as
login.conf does, although I quite agree that this could be
easily done (it just doesn't seem to be part of the basic
system).

I just don't see the need to have one entire module handle,
for example, /etc/nologin. It's only a few lines of code, for
heaven's sake!

Regards,

David Nugent - Unique Computing Pty Ltd - Melbourne, Australia
Voice +61-3-9791-9547 Data/BBS +61-3-9792-3507 3:632/348@fidonet
davidn@freebsd.org davidn@blaze.net.au http://www.blaze.net.au/~davidn/