Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
pam-less system
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Portage & Programming
View previous topic :: View next topic  
Author Message
knittel
n00b
n00b


Joined: 29 Nov 2002
Posts: 50

PostPosted: Fri Nov 29, 2002 6:56 pm    Post subject: pam-less system Reply with quote

Hello,

I try to rebuild my base-system without pam. I set "-pam" as use flag in make.conf and removed pam, pwdb and cracklib from make.profile/packages.
However, emerge -e -p system still wants to build pam and related.
I guess some port is not respecting "-pam" ?
Anyone experience ?
Back to top
View user's profile Send private message
shdwrnnr
n00b
n00b


Joined: 30 Aug 2002
Posts: 17

PostPosted: Fri Nov 29, 2002 11:44 pm    Post subject: Reply with quote

There are still a few packages that require pam regardless of the USE flags. This was a choice made by the developers. Before bootstrapping, you'll have to go into /etc/local.profile, take out the pam-login, modify the shadow ebuild file to install its own login program instead of using the login from pam-login. You may have to edit a few other ebuild files to pull this off. I did this and was able to have a pam-less system.
Back to top
View user's profile Send private message
panserg
Apprentice
Apprentice


Joined: 16 Apr 2003
Posts: 188

PostPosted: Sat Feb 14, 2004 10:55 pm    Post subject: Reply with quote

I am not arguing with you, instead I am trying to educate myself:

What would be a reason to build the system without PAM?
_________________
Less is more!
Back to top
View user's profile Send private message
AngusYoung
Retired Dev
Retired Dev


Joined: 20 Dec 2002
Posts: 473
Location: Czech Republic

PostPosted: Sun Feb 29, 2004 3:04 am    Post subject: Reply with quote

panserg wrote:
I am not arguing with you, instead I am trying to educate myself:

What would be a reason to build the system without PAM?

I`d like to know that too ...

[edit]
Well, talking to a friend on IRC, she recommended me to read this (search for "Tue Sep 23 14:43:10 PDT 2003").
I'll quote that for us:
Quote:
This fixes security problems with PAM authentication. It also includes
several code cleanups from Solar Designer. Slackware does not use PAM and is
not vulnerable to any of the fixed problems.
Please indulge me for this brief aside (as requests for PAM are on the rise):
If you see a security problem reported which depends on PAM, you can be
glad you run Slackware. I think a better name for PAM might be SCAM, for
Swiss Cheese Authentication Modules, and have never felt that the small
amount of convenience it provides is worth the great loss of system
security. We miss out on half a dozen security problems a year by not
using PAM, but you can always install it yourself if you feel that
you're missing out on the fun. (No, don't do that)

... it was made by Patrick, from Slackware Linux.
[/edit]
_________________
My blog
Twitter
Back to top
View user's profile Send private message
NightSpirit
n00b
n00b


Joined: 27 Sep 2003
Posts: 71
Location: North London, UK

PostPosted: Wed Mar 10, 2004 11:03 pm    Post subject: Reply with quote

panserg wrote:
I am not arguing with you, instead I am trying to educate myself:

What would be a reason to build the system without PAM?


Well, my reasons for wanting to build a system without PAM is because the last two times I have installed gentoo systems I have ended up with systems I can't login to at the console because of pam. I know there is a fix on the forums to do with creating and editing the /etc/pam.d/login file that is missing by default but even so ... gentoo is supposed to be about choice and I choose to include -pam in my USE and thus I don't really want pam and pam-login installed on my system or forcing themselves to be messed around with before I can login to my system :(

Not having a go as such, just annoyed that I have just had to reboot my newly installed machine, boot a live-cd, re-chroot back in, unmerge both pam and pam-login and then re emerge shadow on a P166MMX :(
_________________
Currently playing with Applescript ... hmmm
Back to top
View user's profile Send private message
Toskinha
n00b
n00b


Joined: 01 Mar 2004
Posts: 1

PostPosted: Fri Mar 19, 2004 6:56 pm    Post subject: Reply with quote

Hi

My USE also have "-pam", but seems like emerge system ignore it. So, after finished install, you can do
USE="-pam" emerge shadow sudo

and have a nice pam-less system. Work for me, and I remove pam and pam-login.
Back to top
View user's profile Send private message
3lithium
n00b
n00b


Joined: 07 Mar 2004
Posts: 54

PostPosted: Sat Mar 20, 2004 3:46 am    Post subject: Reply with quote

panserg wrote:
What would be a reason to build the system without PAM?

Because it's not really needed on my systems, and the fewer packages installed the better - less resources are needed, less things to maintain, less things that can go wrong, less exposure to security problems...
Back to top
View user's profile Send private message
converter
Apprentice
Apprentice


Joined: 24 Dec 2002
Posts: 163

PostPosted: Mon Mar 29, 2004 4:58 am    Post subject: Reply with quote

panserg wrote:
I am not arguing with you, instead I am trying to educate myself:

What would be a reason to build the system without PAM?


I, for one, could do without the total fubar that is pam_console. This useless appendage is a constant source of grief for me; it constantly leaves important device files owned by users who are no longer logged into the system. As soon as I get a chance, I'm going to disable pam_console and use groups to control access to the sound devices and nvidia drivers, just as nature intended.

I'm still trying to figure out which problem pam_console is supposed to be solving. Anyone know? My Linux boxes worked fine for years without pam_console, and when it started showing up, all it did was create problems of its own.
_________________
converter
Back to top
View user's profile Send private message
NightSpirit
n00b
n00b


Joined: 27 Sep 2003
Posts: 71
Location: North London, UK

PostPosted: Sun Apr 04, 2004 8:24 pm    Post subject: Reply with quote

Grrr! Just found out pam is a "dependancy" for the gdm ebuild now. :( That's new - or atleast it didn't produce a broken gdm last time i installed it.

shdwrnnr wrote:
There are still a few packages that require pam regardless of the USE flags. This was a choice made by the developers.


Out of curiosity, is there an IRC log or forum post about this somewhere? I'd be quite interested in reading why the choice was made to break the systems of people who set "-pam" in their use flags.
_________________
Currently playing with Applescript ... hmmm
Back to top
View user's profile Send private message
chashab
n00b
n00b


Joined: 16 Jun 2004
Posts: 71
Location: Republic of Alumbia

PostPosted: Tue Jul 19, 2005 10:18 pm    Post subject: Reply with quote

I've removed pam from installed boxes, but i'm about to install gentoo on a couple more.

Has anyone installed a pam-less Gentoo recently? How did it go?
Back to top
View user's profile Send private message
CompNerd
Retired Dev
Retired Dev


Joined: 16 Mar 2003
Posts: 311
Location: 127.0.0.1

PostPosted: Wed Jul 20, 2005 4:19 am    Post subject: Reply with quote

I have multiple PAM-less systems that I run currently. None of them have any issues...and now that GDM has been fixed, I have everything working exactly like I like it.

compnerd
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Portage & Programming All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum