knittel n00b
Joined: 29 Nov 2002 Posts: 50
|
Posted: Fri Nov 29, 2002 6:56 pm Post subject: pam-less system |
|
|
Hello,
I am trying to rebuild my base system without pam. I set "-pam" as a USE flag in make.conf and removed pam, pwdb and cracklib from make.profile/packages.
However, emerge -e -p system still wants to build pam and related packages.
I guess some port is not respecting "-pam"?
Does anyone have experience with this? |
|
shdwrnnr n00b
Joined: 30 Aug 2002 Posts: 17
|
Posted: Fri Nov 29, 2002 11:44 pm Post subject: |
|
|
There are still a few packages that require pam regardless of the USE flags. This was a choice made by the developers. Before bootstrapping, you'll have to go into /etc/local.profile, take out the pam-login, modify the shadow ebuild file to install its own login program instead of using the login from pam-login. You may have to edit a few other ebuild files to pull this off. I did this and was able to have a pam-less system. |
|
panserg Apprentice
Joined: 16 Apr 2003 Posts: 188
|
Posted: Sat Feb 14, 2004 10:55 pm Post subject: |
|
|
I am not arguing with you, instead I am trying to educate myself:
What would be a reason to build the system without PAM? _________________ Less is more! |
|
AngusYoung Retired Dev
Joined: 20 Dec 2002 Posts: 473 Location: Czech Republic
|
Posted: Sun Feb 29, 2004 3:04 am Post subject: |
|
|
panserg wrote: | I am not arguing with you, instead I am trying to educate myself:
What would be a reason to build the system without PAM? |
I'd like to know that too ...
[edit]
Well, talking to a friend on IRC, she recommended that I read this (search for "Tue Sep 23 14:43:10 PDT 2003").
I'll quote that for us:
Quote: | This fixes security problems with PAM authentication. It also includes
several code cleanups from Solar Designer. Slackware does not use PAM and is
not vulnerable to any of the fixed problems.
Please indulge me for this brief aside (as requests for PAM are on the rise):
If you see a security problem reported which depends on PAM, you can be
glad you run Slackware. I think a better name for PAM might be SCAM, for
Swiss Cheese Authentication Modules, and have never felt that the small
amount of convenience it provides is worth the great loss of system
security. We miss out on half a dozen security problems a year by not
using PAM, but you can always install it yourself if you feel that
you're missing out on the fun. (No, don't do that) |
... it was made by Patrick, from Slackware Linux.
[/edit] |
|
NightSpirit n00b
Joined: 27 Sep 2003 Posts: 71 Location: North London, UK
|
Posted: Wed Mar 10, 2004 11:03 pm Post subject: |
|
|
panserg wrote: | I am not arguing with you, instead I am trying to educate myself:
What would be a reason to build the system without PAM? |
Well, my reason for wanting to build a system without PAM is that the last two times I have installed Gentoo systems I have ended up with systems I can't log in to at the console because of pam. I know there is a fix on the forums to do with creating and editing the /etc/pam.d/login file that is missing by default, but even so ... Gentoo is supposed to be about choice, and I choose to include -pam in my USE and thus I don't really want pam and pam-login installed on my system or forcing themselves to be messed around with before I can log in to my system.
Not having a go as such, just annoyed that I have just had to reboot my newly installed machine, boot a live-cd, re-chroot back in, unmerge both pam and pam-login and then re-emerge shadow on a P166MMX. _________________ Currently playing with Applescript ... hmmm |
|
Toskinha n00b
Joined: 01 Mar 2004 Posts: 1
|
Posted: Fri Mar 19, 2004 6:56 pm Post subject: |
|
|
Hi
My USE also has "-pam", but it seems like emerge system ignores it. So, after finishing the install, you can do
USE="-pam" emerge shadow sudo
and have a nice pam-less system. Works for me, and I removed pam and pam-login. |
|
3lithium n00b
Joined: 07 Mar 2004 Posts: 54
|
Posted: Sat Mar 20, 2004 3:46 am Post subject: |
|
|
panserg wrote: | What would be a reason to build the system without PAM? |
Because it's not really needed on my systems, and the fewer packages installed the better - less resources are needed, less things to maintain, less things that can go wrong, less exposure to security problems... |
|
converter Apprentice
Joined: 24 Dec 2002 Posts: 163
|
Posted: Mon Mar 29, 2004 4:58 am Post subject: |
|
|
panserg wrote: | I am not arguing with you, instead I am trying to educate myself:
What would be a reason to build the system without PAM? |
I, for one, could do without the total fubar that is pam_console. This useless appendage is a constant source of grief for me; it constantly leaves important device files owned by users who are no longer logged into the system. As soon as I get a chance, I'm going to disable pam_console and use groups to control access to the sound devices and nvidia drivers, just as nature intended.
I'm still trying to figure out which problem pam_console is supposed to be solving. Anyone know? My Linux boxes worked fine for years without pam_console, and when it started showing up, all it did was create problems of its own. _________________ converter |
|
NightSpirit n00b
Joined: 27 Sep 2003 Posts: 71 Location: North London, UK
|
Posted: Sun Apr 04, 2004 8:24 pm Post subject: |
|
|
Grrr! Just found out pam is a "dependency" for the gdm ebuild now. That's new - or at least it didn't produce a broken gdm last time I installed it.
shdwrnnr wrote: | There are still a few packages that require pam regardless of the USE flags. This was a choice made by the developers. |
Out of curiosity, is there an IRC log or forum post about this somewhere? I'd be quite interested in reading why the choice was made to break the systems of people who set "-pam" in their use flags. _________________ Currently playing with Applescript ... hmmm |
|
chashab n00b
Joined: 16 Jun 2004 Posts: 71 Location: Republic of Alumbia
|
Posted: Tue Jul 19, 2005 10:18 pm Post subject: |
|
|
I've removed pam from installed boxes, but I'm about to install Gentoo on a couple more.
Has anyone installed a pam-less Gentoo recently? How did it go? |
|
CompNerd Retired Dev
Joined: 16 Mar 2003 Posts: 311 Location: 127.0.0.1
|
Posted: Wed Jul 20, 2005 4:19 am Post subject: |
|
|
I have multiple PAM-less systems that I run currently. None of them have any issues...and now that GDM has been fixed, I have everything working exactly like I like it.
compnerd |
|