Subject: Re: pam dying in upgrade
To: Peter Seebach <seebs@plethora.net>
From: John Nemeth <jnemeth@victoria.tc.ca>
List: current-users
Date: 09/19/2005 18:07:09
On Feb 9,  2:30pm, Peter Seebach wrote:
} In message <200509200044.j8K0ieF0015596@vtn1.victoria.tc.ca>, John Nemeth writes:
} >     This would essentially require maintaining N different
} >authentication systems since on a "traditional UNIX box", every
} >application handled authentication itself.  This simply isn't going to
} >happen (not speaking for NetBSD, etc.).  This is one of the problems
} >that PAM is designed to fix.
} 
} The core system applications had a standard API (getpwent, et al.) for 
} this...

     Great, so you've covered things that can easily be handled through
nsswitch (i.e. /etc/passwd, NIS, Hesiod).  What happens if
/etc/nsswitch.conf is missing or a specified nsswitch module is
missing?  What happens if there is some new scheme for encrypting
passwords and the application doesn't handle it properly?  What happens
if you are using Kerberos, S/Key, a smartcard, or something else that
can't be handled by a simple getpwnam()?  How does the application
decide when to fall back to its internal authentication handler and
when to bail?  Why should the developers have to maintain N different
authentication systems?  Are you volunteering to do this work?

} >     Question:  what would happen on a BSD Auth based system if the
} >Auth configuration files were missing?  Would it just guess at what to
} >do, or would it abort?
} 
} In the absence of login.conf (the only configuration file it uses), I think
} the system may default to login_passwd.

     In other words, guess at what to do.  Not everybody would consider
this the proper thing to do.

} The comparatively simple configuration is sort of a plus.  :)

     I don't find PAM configuration particularly difficult.

} >} And remember, an NFS filesystem mounted without nosuid can save your life.
} 
} >     So can /rescue.
} 
} Not useful in this case.  The question is "how do I get this machine cleanly
} shut down so I can boot single-user" or otherwise "how can I get sysadmin
} privileges".  Tragically, my notion of /rescue/rootshell has never gone over
} well.  :p

     If you have an ATX power supply and powerd is running, you can
just poke the power button.  I understand the problem, but there are
many things that can prevent a clean shutdown.  The problem with
/rescue/rootshell is how to get it to always do the right thing in a
secure way.  At some point, you're just going to have to type 'sync' and
do it the hard way, and hope no filesystems are badly corrupted.

}-- End of excerpt from Peter Seebach
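The two points argued above (what a PAM system does when a service's policy is missing, and whether PAM configuration is hard) can be made concrete with a small lint over an /etc/pam.d tree. The script below is an added example written for this page; it is not code from the thread, from NetBSD, or from OpenPAM. It assumes OpenPAM's policy-file format ("facility control module [args]") and, as my reading of OpenPAM's behaviour rather than a fact stated in the thread, that a facility absent from a service's file falls back to the same facility in the "other" policy, and that a facility found in neither should be reported as an error rather than silently guessed at. The sample policy files it writes under mktemp are constructed for the demonstration and do not describe any real system.

```shell
#!/bin/sh
# Added example, not from the thread or from NetBSD/OpenPAM: a lint for
# OpenPAM-style /etc/pam.d policy files. Policy lines are
# "facility control module [args]". Assumption (mine): a facility missing
# from a service's file falls back to that facility in "other"; a facility
# found in neither is an error, not something to guess about.

PAM_FACILITIES="auth account password session"
PAM_CONTROLS="required requisite sufficient optional binding include"

# Print the policy lines of one facility in one file; nothing if absent.
facility_lines() {   # DIR SERVICE FACILITY
    [ -r "$1/$2" ] || return 0
    sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$1/$2" | awk -v fac="$3" '$1 == fac'
}

# Name the file a facility resolves to: the service itself, "other", or "none".
pam_policy_resolve() {   # DIR SERVICE FACILITY
    if [ -n "$(facility_lines "$1" "$2" "$3")" ]; then echo "$2"
    elif [ -n "$(facility_lines "$1" other "$3")" ]; then echo other
    else echo none
    fi
}

# Check one service. Exit status: 0 = every facility resolves and every
# line is well formed; 1 = some facility resolves to nothing; 2 = a line
# has an unknown facility or control flag. Diagnostics go to stderr.
pam_policy_check() {   # DIR SERVICE
    dir=$1; svc=$2; rc=0
    if [ -r "$dir/$svc" ]; then
        bad=$(sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$dir/$svc" |
              awk -v facs="$PAM_FACILITIES" -v ctls="$PAM_CONTROLS" '
                BEGIN { split(facs, f, " "); for (i in f) okf[f[i]] = 1
                        split(ctls, c, " "); for (i in c) okc[c[i]] = 1 }
                NF < 3 || !($1 in okf) || !($2 in okc) { print $0 }')
        if [ -n "$bad" ]; then
            printf '%s: malformed line(s):\n%s\n' "$svc" "$bad" >&2
            rc=2
        fi
    fi
    for fac in $PAM_FACILITIES; do
        if [ "$(pam_policy_resolve "$dir" "$svc" "$fac")" = none ]; then
            echo "$svc: $fac: no policy in $svc or other" >&2
            [ $rc -eq 0 ] && rc=1
        fi
    done
    return $rc
}

# Constructed sample tree (not any real system's /etc/pam.d); prints its path.
# "full" has a fail-closed "other" plus a partial sshd policy and a typo'd one;
# "bare" has no "other" at all and an ftpd policy that only spells out auth.
make_sample_pamd() {
    d=$(mktemp -d) || return 1
    mkdir "$d/full" "$d/bare"
    cat > "$d/full/other" <<'EOF'
# fallback for any service without its own policy: deny by default
auth      required   pam_deny.so
account   required   pam_deny.so
password  required   pam_deny.so
session   required   pam_permit.so
EOF
    cat > "$d/full/sshd" <<'EOF'
auth      required   pam_nologin.so  no_warn
auth      sufficient pam_krb5.so     no_warn try_first_pass
auth      required   pam_unix.so     no_warn try_first_pass
account   required   pam_unix.so
EOF
    cat > "$d/full/broken" <<'EOF'
auth      requierd   pam_unix.so
EOF
    cat > "$d/bare/ftpd" <<'EOF'
auth      required   pam_unix.so
EOF
    echo "$d"
}

# Run with "demo" as the first argument to see the resolution and the checks.
if [ "${1-}" = demo ]; then
    D=$(make_sample_pamd)
    for fac in $PAM_FACILITIES; do
        echo "sshd $fac -> $(pam_policy_resolve "$D/full" sshd "$fac")"
    done
    pam_policy_check "$D/full" sshd && echo "sshd: ok"
    pam_policy_check "$D/full" broken || echo "broken: rc=$?"
    pam_policy_check "$D/bare" ftpd || echo "ftpd: rc=$?"
    rm -rf "$D"
fi
```

Running it with `demo` shows sshd's auth and account coming from its own file, password and session falling back to "other", the misspelled control flag in "broken" caught as status 2, and the "bare" tree, which has no "other" policy, reported with status 1 for the three facilities ftpd never configured. That last case is the one the thread argues about: the checker refuses to pick a default for it.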