--uwB7x3tnyrZQfZJI
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Mar 08, 2005 at 07:37:35AM -0500, Christos Zoulas wrote:
> On Mar 8,  7:28am, netbsd@lists.veego.de (Bernd Ernesti) wrote:
> -- Subject: Re: PAM enabled on head
>=20
> | > We have changed PAM to fail closed. I.e. a missing PAM configuration =
will
> | > default to fail authentication as opposed to allow it. We are still
> | > thinking of adding even more strict checks in the authentication path=
, so
> | > that incorrect configurations will not default to allow someone acces=
s.
> |=20
> | So this means that you can no longer login if you don't have an /etc/pa=
m.d
> | or an empty one?
>=20
> Yes.

Speaking of which, there is an issue for people like me who compile with
MKKERBEROS=3Dno.  That way, pam_krb5.so is not built, but yet it is referen=
ced
by the pam configuration files.  Hence after the installation of such a
system, I can't login.

The solution would be to conditionally comment a few bits of the pam
configuration file.  Do we want that?  I don't think it would be too
difficult.

--=20
Quentin Garnier - cube@cubidou.net - cube@NetBSD.org
"When I find the controls, I'll go where I like, I'll know where I want
to be, but maybe for now I'll stay right here on a silent sea."
KT Tunstall, Silent Sea, Eye to the Telescope, 2004.

--uwB7x3tnyrZQfZJI
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (NetBSD)

iQEVAwUBQi2eM9goQloHrPnoAQIyFwf+OOMko5yTUpEIOV66X1T95Li9L7swAgJb
CoYmiMfF4vM2mW3YHRgEypVvORUiGoUbXMTpxbfdqIqL119idSH44Gmu1wdAkGNj
c68R04p70zn3jh85E4sZYbE8Uxvaz6OkI+BA0rENYYa/2F3xKApnJLjIWOQ3hb0s
y80JNjODimf79tec95AGt80KvJYPME558188czG2iuD14HYUAHQnmoBVoQn3exwQ
lOBsIrV8HaTCVf0HaNnfq62rrQwbgxUxaN1/h2mdWVUhAR0Rb0aRCdgCkoI9uUWR
dIsQCLpAy8eFGBUKaLKm9TFH2QLYpzJS1FGvVZ/kCWTdHaRSXZyXIA==
=uxw/
-----END PGP SIGNATURE-----

--uwB7x3tnyrZQfZJI--