PAM

Old stuff that should not bother anyone anymore
User avatar
thenktor
Salix Wizard
Posts: 2426
Joined: 6. Jun 2009, 14:47
Location: Franconia
Contact:

PAM

Post by thenktor » 15. Jun 2009, 13:09

Pluggable Authentication Modules

Slackware doesn't use PAM, Zenwalk uses PAM. What are the advantages/disadvantages of PAM? Do we want to use it? AFAIK every modern distribution uses it but I have no idea why?
Image
burnCDDA (burns audio CDs)
geBIERt (German beer blog)

User avatar
Sparky
Posts: 30
Joined: 11. Jun 2009, 16:26
Location: Terra
Contact:

Re: PAM

Post by Sparky » 15. Jun 2009, 16:02

Using PAM allows you to use things like fingerprint readers and webcam facial recognition as login credentials through a plugin system. That's all I've ever used it for, anyway, perhaps it does other stuff too. It's certainly no big deal if we don't have PAM though, I never used those gimmicky login devices for more than just fun purposes.

User avatar
thenktor
Salix Wizard
Posts: 2426
Joined: 6. Jun 2009, 14:47
Location: Franconia
Contact:

Re: PAM

Post by thenktor » 15. Jun 2009, 17:16

Hmm, I know that there are a lot notebooks with these fingerprint sensors.
Image
burnCDDA (burns audio CDs)
geBIERt (German beer blog)

User avatar
gapan
Salix Wizard
Posts: 5595
Joined: 6. Jun 2009, 17:40

Re: PAM

Post by gapan » 15. Jun 2009, 17:18

It's simpler without pam! And I don't know if you've noticed, but if you have pam, the password prompt after issuing "su" takes a while to show up, but without pam it's instant.
Image
Image

Shador
Posts: 1295
Joined: 11. Jun 2009, 14:04
Location: Bavaria

Re: PAM

Post by Shador » 15. Jun 2009, 22:09

That's why I type in my password plain. :)

If there a no real arguments for PAM, I don't see why we should add it because my impression was also that it's just complicating things (e.g. autologin you get that lastlogin message).
Image

.:B:.
Posts: 34
Joined: 7. Jun 2009, 16:58

Re: PAM

Post by .:B:. » 15. Jun 2009, 23:26

gapan wrote:And I don't know if you've noticed, but if you have pam, the password prompt after issuing "su" takes a while to show up, but without pam it's instant.
As I understood it PAM allows for more fine-grained control. I have noticed the slowdown too; I didn't know PAM was responsible for that.

As for fingerprint readers - they're crap and give a false sense of security. You don't need high tech gear to duplicate fingerprints (as the German C't magazine once tested).

User avatar
Sparky
Posts: 30
Joined: 11. Jun 2009, 16:26
Location: Terra
Contact:

Re: PAM

Post by Sparky » 16. Jun 2009, 04:55

gapan wrote:It's simpler without pam! And I don't know if you've noticed, but if you have pam, the password prompt after issuing "su" takes a while to show up, but without pam it's instant.
In that case, I vote a thousand times against including PAM. That little delay doesn't seem like much, but I su a lot, and the delay really gets to me.

User avatar
JRD
Salix Warrior
Posts: 949
Joined: 7. Jun 2009, 22:52
Location: Lyon, France

Re: PAM

Post by JRD » 16. Jun 2009, 08:37

Decision taken too quickly.
We must search the benefits of PAM (we already found one), the disavantages (we already found one), and take a dicision uppon this.
What do you think ?
Image

.:B:.
Posts: 34
Joined: 7. Jun 2009, 16:58

Re: PAM

Post by .:B:. » 16. Jun 2009, 09:50

I think it certainly merits an in-depth study JRD :). Excellent point.

This is what Red Hat lists as its advantages:
* It provides a common authentication scheme that can be used with a wide variety of applications.
* t allows great flexibility and control over authentication for both the system administrator and application developer.
* t allows application developers to develop their program without implementing a particular authentication scheme. Instead, they can focus purely on the details of their program.

User avatar
JRD
Salix Warrior
Posts: 949
Joined: 7. Jun 2009, 22:52
Location: Lyon, France

Re: PAM

Post by JRD » 16. Jun 2009, 10:00

Thanks B.
It's a bit blurred (with no example) but it's a start.
I know that xscreeensaver can use it. I personaly recompiled it with pam to have a good authentification mecanism (I have problems without it) and with others option. It's the only example I know.
Image

Locked