Subject: Re: login.conf for selecting password verification method (was Re: Kerberos is on by default?)
To: None <email@example.com>
From: Michael Richardson <firstname.lastname@example.org>
Date: 07/03/2000 07:09:02
>>>>> "Giles" == Giles Lean <email@example.com> writes:
Giles> PAM is currently used by HP-UX, Linux, Solaris, and probably more
Giles> systems that I don't know about. I don't think a "big worry" is
Giles> necessary for PAM merely on the grounds that it uses dynamically
Giles> loaded modules.
It is to me. It isn't just security, it is also reliability.
It means that it both another set of binaries that must be "protected"
and more importantly, it means a set of files that must all be kept
synchronized during system upgrades.
Linux and Solaris do not let you build a true static binary (they always
dynamic load PAM, nsswitch/libresolv) which makes it hard to build binaries
for emergency maintainance.
] Planes have DC now, but not this one. Trains have more power. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] firstname.lastname@example.org http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [