Page 1 of 2
PAM
Posted: 15. Jun 2009, 13:09
by thenktor
Pluggable Authentication Modules
Slackware doesn't use PAM, Zenwalk uses PAM. What are the advantages/disadvantages of PAM? Do we want to use it? AFAIK every modern distribution uses it but I have no idea why?
Re: PAM
Posted: 15. Jun 2009, 16:02
by Sparky
Using PAM allows you to use things like fingerprint readers and webcam facial recognition as login credentials through a plugin system. That's all I've ever used it for, anyway, perhaps it does other stuff too. It's certainly no big deal if we don't have PAM though, I never used those gimmicky login devices for more than just fun purposes.
Re: PAM
Posted: 15. Jun 2009, 17:16
by thenktor
Hmm, I know that there are a lot notebooks with these fingerprint sensors.
Re: PAM
Posted: 15. Jun 2009, 17:18
by gapan
It's simpler without pam! And I don't know if you've noticed, but if you have pam, the password prompt after issuing "su" takes a while to show up, but without pam it's instant.
Re: PAM
Posted: 15. Jun 2009, 22:09
by Shador
That's why I type in my password plain.
If there a no real arguments for PAM, I don't see why we should add it because my impression was also that it's just complicating things (e.g. autologin you get that lastlogin message).
Re: PAM
Posted: 15. Jun 2009, 23:26
by .:B:.
gapan wrote:And I don't know if you've noticed, but if you have pam, the password prompt after issuing "su" takes a while to show up, but without pam it's instant.
As I understood it PAM allows for more fine-grained control. I have noticed the slowdown too; I didn't know PAM was responsible for that.
As for fingerprint readers - they're crap and give a false sense of security. You don't need high tech gear to duplicate fingerprints (as the German C't magazine once tested).
Re: PAM
Posted: 16. Jun 2009, 04:55
by Sparky
gapan wrote:It's simpler without pam! And I don't know if you've noticed, but if you have pam, the password prompt after issuing "su" takes a while to show up, but without pam it's instant.
In that case, I vote a thousand times against including PAM. That little delay doesn't seem like much, but I su a lot, and the delay really gets to me.
Re: PAM
Posted: 16. Jun 2009, 08:37
by JRD
Decision taken too quickly.
We must search the benefits of PAM (we already found one), the disavantages (we already found one), and take a dicision uppon this.
What do you think ?
Re: PAM
Posted: 16. Jun 2009, 09:50
by .:B:.
I think it certainly merits an in-depth study JRD
. Excellent point.
This is what Red Hat lists as its advantages:
* It provides a common authentication scheme that can be used with a wide variety of applications.
* t allows great flexibility and control over authentication for both the system administrator and application developer.
* t allows application developers to develop their program without implementing a particular authentication scheme. Instead, they can focus purely on the details of their program.
Re: PAM
Posted: 16. Jun 2009, 10:00
by JRD
Thanks B.
It's a bit blurred (with no example) but it's a start.
I know that xscreeensaver can use it. I personaly recompiled it with pam to have a good authentification mecanism (I have problems without it) and with others option. It's the only example I know.