[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: /etc/pam.d/files



On Fri, 18 Aug 2000, Nalin Dahyabhai wrote:

> On Fri, Aug 18, 2000 at 10:31:31AM -0500, Steve Langasek wrote:
> > I personally think it would be good if distributions took this route.
> > RedHat's default for /etc/pam.d/other right now is to use pam_deny for
> > everything, but this really seems unnecessary to me when the config file could
> > be put to much better use.

> You want an otherwise-unconfigured service to default to deny, so that
> you know you haven't left any doors open that you didn't mean to.

Nalin,

I understand the reasoning behind these defaults, I just disagree that they're
necessary. :)  I don't see how installing a PAM-based service on the system
and allowing it to use the configured defaults constitutes leaving a door open
if /etc/pam.d/other represents the system policy.  What harm do you see coming
from setting up a distribution so that the account and password stacks, for
instance, are allowed to fall back to a system policy set in /etc/pam.d/other?

Steve Langasek
postmodern programmer






[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []