Subject: Re: PAM vulnerability in portable OpenSSH
To: Damien Miller <djm@mindrot.org>
From: Austin Gonyou <austin@coremetrics.com>
List: current-users
Date: 09/23/2003 23:13:53
On Tue, 2003-09-23 at 17:08, Damien Miller wrote:
[...]
> So I think that the recommendation to disable PAM unless you need it
> is 
> a conservative one. For sites that just use password or OpenSSH's
> native
> authentication methods, the only thing that PAM really buys you is a 
> standard log message.
> 
> -d

I'd hate to say it, but I both agree and disagree. I disagree because of
the various uses of the different pam modules that can be used to
customize a login. It's relatively maintainable from a configuration
perspective. So I think your last statement is true and false at the
same time, depending. I just had to say something about it, not that PAM
doesn't have it's problems, but it's more than a logger.
-- 
Austin Gonyou <austin@coremetrics.com>
Coremetrics, Inc.