From owner-freebsd-security Sat Nov 21 16:06:08 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id QAA06357 for freebsd-security-outgoing; Sat, 21 Nov 1998 16:06:08 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from thelab.hub.org (nat0070.mpoweredpc.net [142.177.188.70]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id QAA06352 for ; Sat, 21 Nov 1998 16:06:04 -0800 (PST) (envelope-from scrappy@hub.org) Received: from localhost (scrappy@localhost) by thelab.hub.org (8.9.1/8.9.1) with ESMTP id UAA08946; Sat, 21 Nov 1998 20:05:23 -0400 (AST) (envelope-from scrappy@hub.org) X-Authentication-Warning: thelab.hub.org: scrappy owned process doing -bs Date: Sat, 21 Nov 1998 20:05:23 -0400 (AST) From: The Hermit Hacker To: Dima Ruban cc: freebsd-security@FreeBSD.ORG Subject: Re: PAM on FreeBSD (was Would this make FreeBSD more secure?) In-Reply-To: <199811191754.JAA11958@burka.rdy.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, 19 Nov 1998, Dima Ruban wrote: > Jordan K. Hubbard writes: > > > I wonder whether it's too late to change /usr/include/security to > > > something else like /usr/include/pam > > > > See the commit message. John doesn't like it either, but there > > are good reasons for it nonetheless. Good enough for him to > > exercise an option he himself found icky, anyway. > > Right. His argument was that it would be not the best idea in the world > to hack each and every PAM module that we adopt. > To me - I'd rather ifdef all this stuff than have /usr/include/security > dedicated to PAM. I don't think we should repeat mistakes on some other > operating system. Especially since you've mentioned that we're not taking > modules from Linux (or at least not so many of them). Personally, I kinda like the fact that FreeBSD has finally joined *both* Solaris and Linux in supporting PAM. I realize that for most out there, its a Linux vs FreeBSD sort of thing, but, if I remember my research properly, PAM was a Sun-ism first, that Linux flew with, and just by finally bringing it in, we open ourselves up to a massive amount of new authentication mechanism... Of key interest to me is NDS/Radiusd authentication, as it is what we use on Campus/work...now I can take what i've done with Solaris for authentication and bring my FreeBSD machines up to speed with it :) Thanks loads John...work *long* overdue... Marc G. Fournier Systems Administrator @ hub.org primary: scrappy@hub.org secondary: scrappy@{freebsd|postgresql}.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message