Subject: Re: pam dying in upgrade
To: Peter Seebach <firstname.lastname@example.org>
From: John Nemeth <email@example.com>
Date: 09/19/2005 18:07:09

On Feb 9, 2:30pm, Peter Seebach wrote:
} In message <200509200044.j8K0ieF0015596@vtn1.victoria.tc.ca>, John Nemeth write
} > This would essentially require maintaining N different
} >authentication systems since on a "traditional UNIX box", every
} >application handled authentication itself. This simply isn't going to
} >happen (not speaking for NetBSD, etc.). This is one of the problems
} >that PAM is designed to fix.
} The core system applications had a standard API (getpwent, et al.) for
Great, so you've covered things that can easily be handled through
nsswitch (i.e. /etc/passwd, NIS, Hesiod). What happens if
/etc/nsswitch.conf is missing or a specified nsswitch module is
missing? What happens if there is some new scheme for encrypting
passwords and the application doesn't handle it properly? What happens
if you are using Kerberos, S/Key, a smartcard, or something else that
can't be handled by a simple getpwnam()? How does the application
decide when to fall back to its internal authentication handler and
when to bail? Why should the developers have to maintain N different
authentication systems? Are you volunteering to do this work?
} > Question: what would happen on a BSD Auth based system if the
} >Auth configuration files were missing? Would it just guess at what to
} >do, or would it abort?
} In the absence of login.conf (the only configuration file it uses), I think
} the system may default to login_passwd.
In other words, guess at what to do. Not everybody would consider
this the proper thing to do.
} The comparatively simple configuration is sort of a plus. :)
I don't find PAM configuration particularly difficult.
} >} And remember, an NFS filesystem mounted without nosuid can save your life.
} > So can /rescue.
} Not useful in this case. The question is "how do I get this machine cleanly
} shut down so I can boot single-user" or otherwise "how can I get sysadmin
} privileges". Tragically, my notion of /rescue/rootshell has never gone over
} well. :p
If you have an ATX power supply and powerd is running, you can
just poke the power button. I understand the problem, but there are
many things that can prevent a clean shutdown. The problem with
/rescue/rootshell is how to get it to always do the right thing in a
secure way. At some point, you're just going to have to type 'sync' and
do it the hard way, and hope no filesystems are badly corrupted.
}-- End of excerpt from Peter Seebach