On Jul 29,  5:17am, Bernd Ernesti wrote:
} On Tue, Mar 08, 2005 at 01:07:34AM -0800, John Nemeth wrote:
} > On Jul 29,  2:03am, Bernd Ernesti wrote:
} > } On Mon, Mar 07, 2005 at 11:17:29PM -0500, Christos Zoulas wrote:
} > } 
} > } > We have changed PAM to fail closed. I.e. a missing PAM configuration will
} > } > default to fail authentication as opposed to allow it. We are still
} > } > thinking of adding even more strict checks in the authentication path, so
} > } > that incorrect configurations will not default to allow someone access.
} > } 
} > } So this means that you can no longer login if you don't have an /etc/pam.d
} > } or an empty one?
} > 
} >      If /etc/pam.d is empty then there would be nothing to tell PAM
} > which authentication modules to use, so why would you expect it to
} > work?  This would be sort of like deleting /etc/passwd.
} 
} Comparing it to /etc/passwd is not fair.

     Sure it is.

} It was and is always needed, but PAM was not needed before so you
} have problems if you do an update.

     There's lots of things that are always needed.  Adding one more
thing doesn't make the situation significantly worse.

} So what happens if do an update?
} 
} Right now you could update the system without populating /etc before
} you boot with the new binaries, ok something could fail, but not in
} such a major way that you could no longer login.

     What happens if you update userland and don't put in a new
kernel?  There are lots of ways that you can screw up an update.

} Updates of /etc is allways not easy.

     Have you done an update recently?  postinstall does a wonderful
job of updating /etc.  I won't say that it is perfect, but it does make
the process nearly painless.  I do understand the pain of updating /etc
in the past.  The first time I saw postinstall run, I was amazed.  If
you use sysinst, it will do the right thing.  If you do it by hand,
then you better run postinstall or update /etc by hand.

} I'm not feeling very comfortable with changing the security
} infrastructure at this point.

     If not during a major upgrade, then when should it be done?  The
bottom line is that it needed to be done at some point.  Given how far
behind the curve ball NetBSD is on this one, I think the sooner the
better.

} IMHO we need at least same sane defaults if /etc/pam.d doens't exist
} or contains not files.

     It's called /rescue.

}-- End of excerpt from Bernd Ernesti