it is about PAM - Slackware

This is a discussion on it is about PAM - Slackware ; Hi all Slackers. Until now I claimed I do not need PAM, yet today I had to change my mind- yes, it's about fork bomb. I am fully aware how /etc/limits works though my machine must allow agetty logins as ...

+ Reply to Thread
Results 1 to 20 of 20

Thread: it is about PAM

  1. it is about PAM

    Hi all Slackers.

    Until now I claimed I do not need PAM, yet today I had to change my mind-
    yes, it's about fork bomb.

    I am fully aware how /etc/limits works though my machine must allow agetty
    logins as well so it is useless. Cutting long story short, I really need
    resources limits per user, not session or shell- any limits I thought of,
    right after I was able to think how to bridge it. Period. I also know the
    process of making Slackware using PAM and I know how irritating is keeping
    up to date all the packages involved (Extended Slackware seems to be dead
    for good).

    So the question is why we do not have PAM implemented yet?

    Of course I am looking forward to tech answers not like: "Because Pat does
    not like it". I know this matters returns from time to time though I was
    never able to draw reasonable conclusion from so called discussion. On the
    other hand PAM is on Slackware next.version wish list for long long time.
    I am not novelty freak though frankly speaking, I have a slight feeling
    that we lagged behind a bit comparing to other distros and general trends
    (to mention SELinux, virtualisation, 64 bits) and today sad experience was
    my eye opener .

    A bit frustrated

    --
    luk


  2. Re: it is about PAM

    On Fri, 25 Jul 2008 00:00:23 +0200, lukaswu wrote:

    > Hi all Slackers.

    ..................
    > So the question is why we do not have PAM implemented yet?
    >
    >.....................


    Pat doesn't like it!

    Seriously, if you must have it, install dropline gnome.

    John

  3. Re: it is about PAM


    > Pat doesn't like it!


    I guess there are more things he doe not like (bet on buggy FF browser),
    though they included.
    >
    > Seriously, if you must have it, install dropline gnome.
    >

    Dropline messes up the system and gives some unpredictable aspects to the
    system so I'd rather choose other solutions, yet I do not dare mention
    them not to be flamed...

    --
    luk

  4. Re: it is about PAM

    On 2008-07-24, lukaswu wrote:
    >
    > So the question is why we do not have PAM implemented yet?


    Because Pat does not like it.

    > Of course I am looking forward to tech answers not like: "Because Pat does
    > not like it". I know this matters returns from time to time though I was
    > never able to draw reasonable conclusion from so called discussion. On the
    > other hand PAM is on Slackware next.version wish list for long long time.


    On yours, perhaps.

    There is a reason Pat doesn't like it: historically it's been full of
    security holes.

    > A bit frustrated


    Well, you have two Choices: do it yourself, or switch to a PAM distro.
    If you *really* *need* PAM, then perhaps you need PAM more than you need
    Slackware. This is why Choice Is Good: you're not subject to Pat's whim
    when it comes to software decisions.

    --keith

    --
    kkeller-usenet@wombat.san-francisco.ca.us
    (try just my userid to email me)
    AOLSFAQ=http://www.therockgarden.ca/aolsfaq.txt
    see X- headers for PGP signature information


  5. Re: it is about PAM

    >
    > On yours, perhaps.


    I am afraid not only, which can be clearly seen via google, though so far
    I ignored that too.
    >
    > There is a reason Pat doesn't like it: historically it's been full of
    > security holes.
    >


    Full of security holes- comparing to what? ssh? firefox? kernel? Is it not
    just a sweeping statement?

    >> A bit frustrated

    >
    > Well, you have two Choices: do it yourself, or switch to a PAM distro.
    > If you *really* *need* PAM, then perhaps you need PAM more than you need
    > Slackware. This is why Choice Is Good: you're not subject to Pat's whim
    > when it comes to software decisions.


    I am not more lazy than any other admin, that's why I would like to see
    PAM included in Slackware cause the other option is even more requring
    from me- I want to keep Slackware on as many machines as possible and keep
    my old customs.

    --
    luk

  6. Re: it is about PAM

    On Fri, 25 Jul 2008 21:38:31 +0200, lukaswu wrote:

    > I am not more lazy than any other admin, that's why I would like to see
    > PAM included in Slackware cause the other option is even more requring
    > from me- I want to keep Slackware on as many machines as possible and keep
    > my old customs.


    Well, then email Pat and let him know how you feel. What the **** do you
    expect anyone in this newsgroup to do about your "problem"?

    If you need PAM that bad, switch distros. We can't change Slackware
    for you.


    --
    "Ubuntu" -- an African word, meaning "Slackware is too hard for me".
    The Usenet Improvement Project: http://improve-usenet.org


  7. Re: it is about PAM

    lukaswu wrote:
    > So the question is why we do not have PAM implemented yet?


    You will find an official statement about PAM in the ChangLog.txt for
    Slackware 9.1:

    -8<-----------------------------------------
    n/openssh-3.7.1p2-i486-1.tgz: Upgraded to openssh-3.7.1p2.
    This fixes security problems with PAM authentication. It also includes
    several code cleanups from Solar Designer. Slackware does not use PAM and is
    not vulnerable to any of the fixed problems.
    Please indulge me for this brief aside (as requests for PAM are on the rise):
    If you see a security problem reported which depends on PAM, you can be
    glad you run Slackware. I think a better name for PAM might be SCAM, for
    Swiss Cheese Authentication Modules, and have never felt that the small
    amount of convenience it provides is worth the great loss of system
    security. We miss out on half a dozen security problems a year by not
    using PAM, but you can always install it yourself if you feel that
    you're missing out on the fun. (No, don't do that)
    OK, I'm done ranting here. :-)
    I suppose this is still a:
    (* Security fix *)
    -8<-----------------------------------------

    regards Henrik
    --
    The address in the header is only to prevent spam. My real address is:
    hc3(at)poolhem.se Examples of addresses which go to spammers:
    root@localhost postmaster@localhost


  8. Re: it is about PAM

    >
    >> I am not more lazy than any other admin, that's why I would like to see
    >> PAM included in Slackware cause the other option is even more requring
    >> from me- I want to keep Slackware on as many machines as possible and keep
    >> my old customs.

    >
    > Well, then email Pat and let him know how you feel. What the **** do you
    > expect anyone in this newsgroup to do about your "problem"?


    Sure, I will. It is more about future of the Slackware and where it goes
    to...

    >
    > We can't change Slackware
    > for you.
    >

    Did I say something like this anywhere? It is more about pros and against
    PAM, if you missed the point.

    --
    luk


  9. Re: it is about PAM

    On Fri, 25 Jul 2008, lukaswu wrote:

    >> Well, you have two Choices: do it yourself, or switch to a PAM distro.
    >> If you *really* *need* PAM, then perhaps you need PAM more than you need
    >> Slackware. This is why Choice Is Good: you're not subject to Pat's whim
    >> when it comes to software decisions.

    >
    > I am not more lazy than any other admin, that's why I would like to see PAM
    > included in Slackware cause the other option is even more requring from me- I
    > want to keep Slackware on as many machines as possible and keep my old
    > customs.


    Get over it, it is not going to happen, many of us agree with Pat, clearly
    Slackware is not for you, in the couple days you have trolled here, you
    could rather easily have deleted Slackware and installed RH systems wich
    is full of your PAM crud... Oh and if you think PAM is better able to
    control user resources you are in for one hell of a shock, move on, or
    change distros, stop trolling.




    --
    Cheers
    Res
    --- Usenet policy, and why I might ignore you ---
    1/ GoogleGroups are UDP'd on my nntp server. If you use them, don't
    waste your time or energy replying to me.

    2/ If only cleanfeed filtered out trolls as well as spam, usenet would be
    a nicer place.

  10. Re: it is about PAM

    I am pleased - most pleased - that Slackware still doesn't incorporate
    PAM! I haven't done a recent install to check it yet, but I'm sure
    I'll be delighted. And I don't want PAM added in future, either.

    It's true, you know - PAM is a security disaster waiting to strike:
    loading dynamic modules as root, validating untrustworthy data as the
    root, needless complexity for frighteningly little gain, inconsistent
    usage among applications which often reimplement much of PAM's
    functionality in their own libraries - the list goes on.

    If you care about global configuration like that provided by some of
    PAM, like consistently-used ulimits, try GRSecurity - http://www.grsecurity.net/
    .. There's a very good chance you can deal with your problem in the
    kernel, where it belongs, and it makes a fine replacement for SELinux
    too. I used to use it, but some of my statically linked proprietary
    binaries had trouble and kernel revisions were moving too fast for me
    to keep up with Gentoo's hardened-sources and still keep my patches
    working; but you obviously want it so you can build your own kernels.

    Cheers,
    Sabahattin

  11. Re: it is about PAM

    >
    > If you care about global configuration like that provided by some of
    > PAM, like consistently-used ulimits, try GRSecurity - http://www.grsecurity.net/
    > . There's a very good chance you can deal with your problem in the
    > kernel, where it belongs, and it makes a fine replacement for SELinux
    > too. I used to use it, but some of my statically linked proprietary


    Thank you and Henrik for any essential comments- so rare nowadays. I
    prepare my own kernel anyway so I will give a try to grsecurity patches.

    Thanks again.

    --
    luk

  12. Re: it is about PAM

    Dan C trolled:
    > On Fri, 25 Jul 2008 21:38:31 +0200, lukaswu wrote:
    >
    >> I am not more lazy than any other admin, that's why I would like to see
    >> PAM included in Slackware cause the other option is even more requring
    >> from me- I want to keep Slackware on as many machines as possible and keep
    >> my old customs.

    >
    > Well, then email Pat and let him know how you feel. What the **** do you
    > expect anyone in this newsgroup to do about your "problem"?
    >
    > If you need PAM that bad, switch distros. We can't change Slackware
    > for you.


    Hey, stupid! If a significant amount of people in this group did
    want Pam and they did email Pat, and assuming that a significant
    number of those people were among the dozen or so that actually pay
    for slackware, then Pat would waste no time at all including Pam.

    Have we told you to bugger off lately? No?

    Bugger off.

    cordially, as always,

    rm

  13. Re: it is about PAM

    Res trolled:
    > On Fri, 25 Jul 2008, lukaswu wrote:
    >
    >>> Well, you have two Choices: do it yourself, or switch to a PAM distro.
    >>> If you *really* *need* PAM, then perhaps you need PAM more than you need
    >>> Slackware. This is why Choice Is Good: you're not subject to Pat's whim
    >>> when it comes to software decisions.

    >>
    >> I am not more lazy than any other admin, that's why I would like to see PAM
    >> included in Slackware cause the other option is even more requring from me- I
    >> want to keep Slackware on as many machines as possible and keep my old
    >> customs.

    >
    > Get over it, it is not going to happen, many of us agree with Pat,


    There is no "us" where you are concerned, grasshopper. You are all
    alone in your solitary ignorance.

    Bugger off.

    cordially, as always,

    rm

  14. Re: it is about PAM

    On Sun, 27 Jul 2008, rm@big.justlinux.ca wrote:

    >> Get over it, it is not going to happen, many of us agree with Pat,

    >
    > There is no "us" where you are concerned, grasshopper. You are all
    > alone in your solitary ignorance.


    why are you still here troll? I thought you went and starting sleeping
    with your new love, XP, be gone ****tart..go back to screwing your brother


    --
    Cheers
    Res
    --- Usenet policy, and why I might ignore you ---
    1/ GoogleGroups are UDP'd on my nntp server. If you use them, don't
    waste your time or energy replying to me.

    2/ If only cleanfeed filtered out trolls as well as spam, usenet would be
    a nicer place.

  15. Re: it is about PAM

    lukaswu wrote:


    > Dropline messes up the system and gives some unpredictable aspects to the
    > system so I'd rather choose other solutions, yet I do not dare mention
    > them not to be flamed...
    >

    Ubuntu? ;-)
    --
    http://www.petezilla.co.uk

  16. Re: it is about PAM

    On Fri, 25 Jul 2008 23:36:27 +0200, lukaswu wrote:

    >> Well, then email Pat and let him know how you feel. What the **** do
    >> you expect anyone in this newsgroup to do about your "problem"?


    > Sure, I will. It is more about future of the Slackware and where it goes
    > to...


    Well, then email Pat and tell him you're worried about the future of
    Slackware, and think he should include PAM to ensure it's success. I'm
    sure he'll get a good laugh out of that. Don't worry your little brain
    about Slack's future...

    >> We can't change Slackware for you.


    > Did I say something like this anywhere? It is more about pros and
    > against PAM, if you missed the point.


    Yes, you did. You want Slackware changed to include PAM. Most veteran
    Slackware users don't want that. I didn't miss any point, dimwit.

    Bugger off.


    --
    "Ubuntu" -- an African word, meaning "Slackware is too hard for me".
    The Usenet Improvement Project: http://improve-usenet.org


  17. Re: it is about PAM

    On Sun, 27 Jul 2008 21:07:36 +0000, rm trolled:

    >> Well, then email Pat and let him know how you feel. What the **** do
    >> you expect anyone in this newsgroup to do about your "problem"?


    >> If you need PAM that bad, switch distros. We can't change Slackware for
    >> you.


    > Hey, stupid! If a significant amount of people in this group did want Pam
    > and they did email Pat, and assuming that a significant number of those
    > people were among the dozen or so that actually pay for slackware, then
    > Pat would waste no time at all including Pam.


    Wrong, dimwit. First off all, it's been pretty clear over the years that
    a "significant amount" of people here *don't* want it. Secondly, there's
    far more than "a dozen" who actually pay for Slackware, and that wouldn't
    be likely to influence the decision, anyway.

    > Have we told you to bugger off lately? No?
    > Bugger off.


    Same to you, doofus. Bugger off.

    > cordially, as always,


    Smeg off, troll.


    --
    "Ubuntu" -- an African word, meaning "Slackware is too hard for me".
    The Usenet Improvement Project: http://improve-usenet.org


  18. Re: it is about PAM

    Dan C trolled:

    > Yes, you did. You want Slackware changed to include PAM. Most
    > veteran Slackware users don't want that.


    Wrong. Most "veteran" Slackware users don't give a damn, one way or
    the other, whether PAM is included. But none of us are willing to
    treat you in a civil manner, so you're excused...

    > I didn't miss any point, dimwit.


    Well, yeah, you did. By about a mile. As usual.

    > Bugger off.


    That's our line. Try something else.

    Or you can just bugger off.

    Why don't you get together with The Coward and help him figure out
    which toilet paper dispenser works best for "Official" manuals.

    cordially, as always,

    rm

  19. Re: it is about PAM

    Dan C trolled:

    > Wrong, dimwit. First off all, it's been pretty clear over the
    > years that a "significant amount" of people here *don't* want it.
    > Secondly, there's far more than "a dozen" who actually pay for
    > Slackware,


    Not here. Not in this newsgroup.

    Bugger off.

    cordially, as always,

    rm

  20. Re: it is about PAM

    On Thu, 31 Jul 2008, rm@big.justlinux.ca wrote:

    >
    > Dan C trolled:
    >
    >> Wrong, dimwit. First off all, it's been pretty clear over the
    >> years that a "significant amount" of people here *don't* want it.
    >> Secondly, there's far more than "a dozen" who actually pay for
    >> Slackware,

    >
    > Not here. Not in this newsgroup.


    you wouldnt know troll



    --
    Cheers
    Res
    --- Usenet policy, and why I might ignore you ---
    1/ GoogleGroups are UDP'd on my nntp server. If you use them, don't
    waste your time or energy replying to me.

    2/ If only cleanfeed filtered out trolls as well as spam, usenet would be
    a nicer place.

+ Reply to Thread