[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: *security* of PAMs

On Wed, 4 Sep 1996, The Breather of Life wrote:

> My discomfort arises from the lack of experience `the world' has had
> with these modules.  I know that they are designed by security-aware
> programmers, and they are trying to take everything into account,

There have been, and will be problems (if you think there won't be you are
deceiving yourself ;-) but these modules have been written with concern
given to security. 

> but
> no software is written with the intent on being intentionally
> insecure...

Most likely true - but a LOT of software, especially the relics from older
packages derived from BSD, are not written with the intent of being

> My question is not in the programmers' abilities, but in the overall
> performance and security of the modules.  Is there any kind of
> reassurance or any test-results that indicate it's ability to
> withstand attacks?

Is there any reassurance that the login you use now is any more secure
than the PAMified login, which doesn't make any major changes to the
standard login?

> In addition to the people implementing it, is anybody working on
> *breaking* it?  (Better now than when it's being depended on.)

I think it needs to be done - you feel like taking on the project? ;-)

-- Elliot

------------------ PGP.ZIP Part [012/713] -------------------
For next chunk to export --> http://dcs.ex.ac.uk/~aba/export/

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []