Date: Mon, 7 Oct 2002 19:03:55 -0500 From: Bob Willcox <bob@immure.com> To: Kris Kennaway <kris@obsecurity.org> Cc: Samuel Chow <cyschow@shaw.ca>, dmagda@ee.ryerson.ca, Jamie Heckford <jamie@jamiesdomain.org.uk>, freebsd-stable@freebsd.org Subject: Re: sshd_config vs. PAM Message-ID: <20021008000355.GI29829@luke.immure.com> In-Reply-To: <20021007235624.GB32177@xor.obsecurity.org> References: <200209272135.g8RLZ3We005877@arch20m.dellroad.org> <002e01c26873$3d717a50$3264a8c0@BONG> <864rc3f4ks.fsf@number6.magda.ca> <20021005155131.GA8769@luke.immure.com> <01c201c26e54$f00f54c0$9284412f@SAMCHOW2> <20021007232051.GA31301@xor.obsecurity.org> <20021007234248.GH29829@luke.immure.com> <20021007235624.GB32177@xor.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Oct 07, 2002 at 04:56:24PM -0700, Kris Kennaway wrote: > On Mon, Oct 07, 2002 at 06:42:48PM -0500, Bob Willcox wrote: > > On Mon, Oct 07, 2002 at 04:20:51PM -0700, Kris Kennaway wrote: > > > On Mon, Oct 07, 2002 at 04:57:39PM -0600, Samuel Chow wrote: > > > > > > > > > > > > > BTW, is there a way to completely disable PAM on a system? > > > > > > > > I was looking at it a couple months back. There is > > > > the NOPAM compiler flag. Unfortunately, telnet and > > > > ssh does not obey it. I have some untested patch > > > > at home before I got too busy with other non-FreeBSD > > > > things. > > > > > > PAM is considered to be an integral part of the system thesedays; as > > > such there's no support for compiling without it. > > > > Too bad. I find it to be rather painful to understand and configure, and > > overkill for most of uses. > > Well, the point is that the default configuration is supposed to be > exactly equivalent to the old non-PAM behaviour, so you shouldn't have > to touch *anything* unless you want to change this behaviour (which > would have required code changes in the non-PAM case). I have to admit, that recently (last year or so) this seems to be the case. It wasn't always that way, though. As I recall, rlogin didn't work w/o modifying the PAM configuration file for quite some time. I still contend that, for the PAM challenged, the description of the configuration file is a tough read. Bob > > Kris -- Bob Willcox We seem to have forgotten the simple truth that bob@vieo.com reason is never perfect. Only non-sense attains Austin, TX perfection. -- Poul Henningsen [1894-1967] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021008000355.GI29829>