Re: BSD Auth

["Greg A. Woods; Planix, Inc." <woods%planix.ca@localhost>]

On 19-Aug-08, at 12:23 AM, SODA Noriyuki wrote:

> > > > > > On Mon, 18 Aug 2008 14:12:10 -0400,
>         "Greg A. Woods; Planix, Inc." <woods%planix.ca@localhost> said:
>
> > Previous discussions resulted in nothing really and PAM was blasted
> > into the tree without taking into account any technical
> > considerations.
>
> Such summary is unfair.

I think it's pretty fair.  No consensus was reached on the contentious  
points

> From some points of view, PAM is more secure than BSD Auth, and that
> was one of reasons why PAM was choosed.

I've never seen any real technical evaluation showing PAM to be more  
secure.

Show me where the evaluation is.


> With PAM, password attack can be only done via programs who already
> own root privilege.  With BSD auth, anyone can do password attack.
> For practical example, "pkgsrc/security/pam-pwauth_suid" implements
> restriction that a user can try only his own password.  BSD auth opens
> wider window against such attack.

I'm not sure what you're trying to show here.  Your second two  
sentences don't even seem to follow from the first two.

I'm also not sure why BSD Auth cannot also provide the same kind of  
restriction, though the very desire to do so requires separate  
evaluation of the policies defining who can gain root privs and how  
they must do so.

> Another reason is that some features like Kerberos credential handling
> cannot be implemented by BSD auth.

Actually that's not true at all.

It may not have been done, but that's far from saying it's impossible.

I don't remember the details or even where and when I posted it but I  
believe even I was able to show how Kerberos credentials could be  
handled without resorting to PAM or anything like it.

--
                                        Greg A. Woods; Planix, Inc.
                                        <woods%planix.ca@localhost>