[Thus spake John Nemeth ("JN: ") 2:54am...]

JN: } Comparing it to /etc/passwd is not fair.
JN:
JN:      Sure it is.

Sure...in the same way that you are saying that "well, we've added this
thing called a security ignition to your car, so you must now not only
put in the key to the ignition, but you must mumble a serial number
backwards in Swahili before it will let you engage the starter.  Free
of charge.  Figured we'd put it in while we fixed your tire.  You don't
mind this, do you?  It's all the rage these days, you know."

JN: } It was and is always needed, but PAM was not needed before so you
JN: } have problems if you do an update.
JN:
JN:      There's lots of things that are always needed.  Adding one more
JN: thing doesn't make the situation significantly worse.

("Um, yes, hi.  I'd like to report a POLA violation, please...")

It does if the default is to lock you out.  That's pretty astonishing
to me.

JN: } So what happens if do an update?
JN: }
JN: } Right now you could update the system without populating /etc before
JN: } you boot with the new binaries, ok something could fail, but not in
JN: } such a major way that you could no longer login.
JN:
JN:      What happens if you update userland and don't put in a new
JN: kernel?  There are lots of ways that you can screw up an update.

You're dodging his question.

JN: } IMHO we need at least same sane defaults if /etc/pam.d doens't exist
JN: } or contains not files.
JN:
JN:      It's called /rescue.

That's a fine piece of management, there.

Neither /rescue NOR pam should ever be required, IMO.  But then, "Ahhh,
WTF does *he* know?", right?

JN: }-- End of excerpt from Bernd Ernesti

				--*greywolf;
--
[ ] PEACE    [ ] FREEDOM	Pick one.