Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: slow su? [solved]

On Sat, Aug 13, 2011 at 04:23:55PM -0700, John Nemeth wrote:
 > } Yup. I was told that the fix I proposed (causing missing modules to
 > } always fail) was unacceptable. Apparently the PAM semantics are so
 > } fragile that any change to make it more robust also makes it fail open
 > } in obscure ways, or something like that.
 >      If I recall right, my reading of the PAM spec was that it should
 > ignore missing modules, but I don't have the spec in front of me at the
 > moment.  When I asked you about it, you just handwaved and said that
 > somebody you know that is supposedly a PAM expert said it would be a
 > bad idea without providing any details.  I sure would like to know why
 > we shouldn't just follow the spec...

I no longer remember who I was talking to then, but if it wasn't you
chances are it was one of the linux-pam people. My vague recollection
is that it was you that told me it wasn't acceptable but I guess that
must be entirely wrong.

David A. Holland

Home | Main Index | Thread Index | Old Index