[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Does pam_env.so work?



 
> Seth Chaiklin wrote:
>> On Thu, 5 Nov 1998, Andrew Morgan wrote:
>>> Does this help clarify the situation?
>> 

	...
 
>> I think I'll wait for Jim Dennis's promised article (-:
> I suspect Jim is waiting for the documentation to be clearer...

	Actually I'm trying to finish a boot on Linux Systems
	Administration.  My earlier effort (fanning some activity
	on the mailing list) was in the hopes that this project
	would mature a bit more so I could write that part of the
	book (and an article could be snuck out of that).

	I hate to write anything on this subject at this point
	because:

		I don't really know or understand what PAM Linux
		is doing right now.

		I don't know what its *supposed* to be doing.

		I get the feeling that some of what it *is* doing
		doesn't match what it *should* be doing.

		It seems like it's like to change out from under me.

	... when I ask:  "1.x, When?"  --- THAT'S WHAT I MEAN.
 
>> I am sure the PAM libraries do what they are supposed to do,
>> and that the "rules" are documented in the RFC and API.
 
> I'm not.  Problem reports are one thing that will improve PAM. Without
> some documentation, people have a hard time knowing what to expect.
 
>> But it seems that the existing modules and the interactions between
>> applications and modules are not always corresponding to
>> the visions that the docs are presenting.  Is that fair
>> to say?
 
> In general, people use the default settings.  By experimenting
> with things, you are pushing the envelope and will find
> documentation problems and bugs in modules too... I hope!

	EEEK! WARNING, WARNING!  This is BAD, BAD, BAD! 

	What the hell is the point of PAM if changing the 
	configuration from the defaults is "pushing the 
	envelope"?

	ARGH!!! 

	How can I get my authentication configuration to model my
	security policy if I can *CONFIGURE* anything?

>> I like PAM, but it is also "caveat emptor"
 
> The buyer may have to beware, but I'd like to offer the alterative
> philosophy that everything is hard before it is easy.. Please
> continue to ask questions, and please continue to submit snippets
> of text for the documentation (this goes for everyone!).  So far
> you've added about a page of text to the admin guide.  I've just
> added a note on this issue to the module writer's guide to reflect
> the above problem too.
 
> So thanks!
> Andrew
 
--
Jim Dennis  (800) 938-4078		consulting@starshine.org
Proprietor, Starshine Technical Services:  http://www.starshine.org



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []