From owner-freebsd-stable Thu Oct 3 17: 8:59 2002 Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1807737B401 for ; Thu, 3 Oct 2002 17:08:58 -0700 (PDT) Received: from tomts12-srv.bellnexxia.net (tomts12.bellnexxia.net [209.226.175.56]) by mx1.FreeBSD.org (Postfix) with ESMTP id 148F643E65 for ; Thu, 3 Oct 2002 17:08:57 -0700 (PDT) (envelope-from dmagda@number6.dyndns.org) Received: from number6.magda.ca ([64.229.228.6]) by tomts12-srv.bellnexxia.net (InterMail vM.5.01.04.19 201-253-122-122-119-20020516) with ESMTP id <20021004000855.BPRO4068.tomts12-srv.bellnexxia.net@number6.magda.ca>; Thu, 3 Oct 2002 20:08:55 -0400 Received: from number6.magda.ca (localhost.magda.ca [127.0.0.1]) by number6.magda.ca (8.12.6/8.12.6) with ESMTP id g9408rjG014879 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO); Thu, 3 Oct 2002 20:08:54 -0400 (EDT) (envelope-from dmagda@number6.dyndns.org) Received: (from dmagda@localhost) by number6.magda.ca (8.12.6/8.12.6/Submit) id g9408pbm014876; Thu, 3 Oct 2002 20:08:51 -0400 (EDT) (envelope-from dmagda@number6.dyndns.org) X-Authentication-Warning: number6.magda.ca: dmagda set sender to dmagda@number6.magda.ca using -f To: "Jamie Heckford" Cc: Subject: Re: sshd_config vs. PAM References: <200209272135.g8RLZ3We005877@arch20m.dellroad.org> <002e01c26873$3d717a50$3264a8c0@BONG> Reply-To: dmagda@ee.ryerson.ca From: David Magda Date: 03 Oct 2002 20:08:51 -0400 In-Reply-To: <002e01c26873$3d717a50$3264a8c0@BONG> Message-ID: <864rc3f4ks.fsf@number6.magda.ca> Lines: 23 User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.2 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG "Jamie Heckford" writes: > I would very much like to see ssh completely detached from PAM, and > have the PAM ties as an option you have to enable as opposed to it > being the default. I disagree. Everything should use PAM by default. It's why it was invented: so that all authentication goes through one mechanism. If you then want to add/take away something, you only have to do it in one place. If, as a matter of policy/preference, you want to change things locally there should be a make.conf setting of some kind. What other exceptions should be made with regards to PAM? xdm(1) perhaps? telnetd(8)? -- David Magda Because the innovator has for enemies all those who have done well under the old conditions, and lukewarm defenders in those who may do well under the new. -- Niccolo Machiavelli, _The Prince_, Chapter VI To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message