
Re: *security* of PAMs



On Wed, 4 Sep 1996, The Breather of Life wrote:

> My discomfort arises from the lack of experience `the world' has had
> with these modules.  I know that they are designed by security-aware
> programmers, and they are trying to take everything into account,

There have been, and will be, problems (if you think there won't be, you are
deceiving yourself ;-) but these modules have been written with concern
given to security.

> but
> no software is written with the intent on being intentionally
> insecure...

Most likely true - but a LOT of software, especially the relics from older
packages derived from BSD, are not written with the intent of being
secure.

> My question is not in the programmers' abilities, but in the overall
> performance and security of the modules.  Is there any kind of
> reassurance or any test-results that indicate its ability to
> withstand attacks?

Is there any reassurance that the login you use now is any more secure
than the PAMified login, which doesn't make any major changes to the
standard login?

> In addition to the people implementing it, is anybody working on
> *breaking* it?  (Better now than when it's being depended on.)

I think it needs to be done - you feel like taking on the project? ;-)

-- Elliot



