Date: Sat, 23 Oct 1999 04:31:28 -0400 (EDT) From: Mike Nowlin <mike@argos.org> To: Robert Watson <robert+freebsd@cyrus.watson.org> Cc: security@FreeBSD.ORG Subject: Re: Kerberos integration into ports--in particular, SSH Message-ID: <Pine.LNX.4.05.9910230426550.18308-100000@jason.argos.org> In-Reply-To: <Pine.BSF.3.96.991021104015.47188E-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> It looks like many ports still don't use PAM for authentication. This is > not something I have time to address, it's just a comment that it would be > nice if now that we have PAM, things used PAM :-). Also, it's a little > funky to have an /etc/auth.conf and a /etc/pam.conf -- auth.conf seems > only to affect su? It seems that a lot of the system still doesn't use PAM for auth... A quick grep of ftpd (a recent pamifying project) returns: twikki:/usr/src/libexec/ftpd$ grep -i pam * Makefile:.PATH: ${.CURDIR}/../../lib/libpam/modules/pam_kerberosIV We developed some changes to ftpd to support PAM (haven't submitted them yet -- a couple of quirks to work out), but I'm sure a lot of the system doesn't handle it yet. Is there a doc somewhere which gets into this, or does one need to be written? We're trying to handle security through a PAM/(PostgreSQL|MySQL) interface as much as possible, so we're willing to do a bit of fixing if necessary. --mike To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.05.9910230426550.18308-100000>