[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: PAM Authentication Patch
From: |
Mark D. Baushke |
Subject: |
Re: PAM Authentication Patch |
Date: |
Mon, 21 Jun 2004 00:25:01 -0700 |
Chad Walstrom <address@hidden> writes:
> Chad Walstrom wrote:
> > We should make it abundantly clear in the
> > documentation that use of PAM authentication
> > should be thoroughly protected. If such
> > measures cannot be taken, don't enable PAM.
>
> Additionally, we can't always assume that
> because something uses PAM, it'll authentication
> against system accounts. There are dbm modules,
> ldap modules, etc. that can be used for account
> management.
While I do understand that it is *possible* to
enable PAM and not endanger other applications or
systems. I also understand that very few people or
organizations will consider keeping such things
separate in such a safe configuration unless the
documentation clearly states that there are
security implications to be considered.
Yes, I am being paranoid. right now it seems
fairly clear that gnatsd authentication is not
very strongly protected. Folks are more likely to
believe something is 'secure' if it can talk to
PAM even though there may be explicit basis for
that belief.
-- Mark
- Re: CVS, Documentation, TODO Lists, New Maintainer, and Stuff, (continued)
- Re: CVS, Documentation, TODO Lists, New Maintainer, and Stuff, Chad C. Walstrom, 2004/06/10
- Re: CVS, Documentation, TODO Lists, New Maintainer, and Stuff, Mel Hatzis, 2004/06/11
- Re: CVS, Documentation, TODO Lists, New Maintainer, and Stuff, Andrew Gray, 2004/06/12
- Re: CVS, Documentation, TODO Lists, New Maintainer, and Stuff, Yngve Svendsen, 2004/06/10
- Re: CVS, Documentation, TODO Lists, New Maintainer, and Stuff, Pankaj K Garg, 2004/06/14
- Re: PAM Authentication Patch, Chad Walstrom, 2004/06/21