Re: shadow-960910

On Thu, 12 Sep 1996, Elliot Lee wrote:

> > 	- access control based on origin will be available in 0.53
> What do you mean by origin?
> If you are talking about remote hostname, that is NOT a good idea to
> control through login/PAM/shadow/etc. Use TCP Wrappers.

Well, tell me how you can configure that root is allowed to log in with
telnet from host.dom.ain and deny from the rest of the world, that's
fine. Or not root - consider a bbs account and restrict the access from
the terminal server and console only to the bbs account. Or... more
examples?

> > 	- password aging present with shadow implementation (pam_unix);
> Already in there.

Incomplete, I think. Last time I checked, Red Hat pam_unix_passwd did not
reset the last change date when changing passwords. Did not support MD5.
Let's not start a version-feature-war, it is already there in one form or
another. This is important. We are not at the final stage, yet.

> > 	- cracklib will be available in 0.53 (pam_cracklib)
> Cracklib support is already *IN* the pam_unix_passwd module that Red Hat
> uses.

Well, it is missing in 0.52 and I hope to see it in 0.52... Can I help
here?

> > 	- shadow group support I hope to get it done in 0.53 too;
> > 	- console groups - still missing;
> Not true. Witness the pam_group module ;-)

Mea culpa.

> Hmm... What of the shadow utils need to be PAMified?

Login, su, sg, logoutd, passwd ...

		Cristian Gafton
Cristian Gafton                                    gafton@sorosis.ro
Computers & Communications Center              Network Administrator
35 Moara de Foc St., Iasi 6600, ROMANIA           Tel: +40-32-252938
http://www.cccis.ro                               Fax: +40-32-252933
UNIX is user friendly. It's just selective about who its friends are.

