Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
No more PAM! ;)
View unanswered posts
View posts from last 24 hours

Goto page 1, 2, 3, 4, 5, 6  Next  
Reply to topic    Gentoo Forums Forum Index Gentoo Chat
View previous topic :: View next topic  

Did/do you like PAM?
Not at all!
39%
 39%  [ 218 ]
I don't care - stop bothering me!
39%
 39%  [ 219 ]
Yes, I cannot be without PAM.
20%
 20%  [ 114 ]
Total Votes : 551

Author Message
micmac
l33t
l33t


Joined: 28 Nov 2003
Posts: 993

PostPosted: Tue Nov 30, 2004 1:10 am    Post subject: No more PAM! ;) Reply with quote

:D Hey all!

I just wanted to express how glad I am that you can have a PAM-free Gentoo at last. I removed "sys-apps/shadow pam" from package.use today and pam and pam-login were removed by emerge depclean. After reemerging shadow all was ok. No more PAM! ;)

Bottoms up!

Greets

mic :twisted:
Back to top
View user's profile Send private message
gentoo_lan
l33t
l33t


Joined: 08 Sep 2004
Posts: 890
Location: Charles Town, WV

PostPosted: Tue Nov 30, 2004 1:17 am    Post subject: Reply with quote

I don't really care either way. I currently use pam but if I really don't need it I may get rid of it.
Back to top
View user's profile Send private message
micmac
l33t
l33t


Joined: 28 Nov 2003
Posts: 993

PostPosted: Tue Nov 30, 2004 1:26 am    Post subject: Reply with quote

I wanted to get rid of PAM since the beginning. Especially since I converted my two boxes to udev. On both I never changed permissions; I got burning perms on one box but not the other. PAM was just too weired and complicated for me to be helpful. It was IN MY WAY :D

mic
Back to top
View user's profile Send private message
Kyro
n00b
n00b


Joined: 20 Dec 2002
Posts: 56
Location: Over here

PostPosted: Tue Nov 30, 2004 1:38 am    Post subject: Reply with quote

What are the pros and cons of running an installation with respective without PAM enabled? I always got the impression of PAM being important from how people have talked about it. :?
_________________
Quis custodiet ipsos custodes?
Back to top
View user's profile Send private message
micmac
l33t
l33t


Joined: 28 Nov 2003
Posts: 993

PostPosted: Tue Nov 30, 2004 4:22 am    Post subject: Reply with quote

Hi Kyro,

PAM was important for Gentoo the way I see it, because if you didn't emerge shadow with pam support you weren't able to login properly. But that seems to be history now.

Some peope (for instance Pat from Slackware) don't like it for security reasons (Slackware never incuded PAM), others have problems with it regarding device permissions like me. Plus I never understood what PAM is made for. Changing device perms on a log in and user basis doesn't make things easier or better, it's just too complex. In it's complexity lies a great potential for errors (security holes). That's my opinion.

mic
Back to top
View user's profile Send private message
placeholder
Advocate
Advocate


Joined: 07 Feb 2004
Posts: 2500

PostPosted: Tue Nov 30, 2004 4:29 am    Post subject: Reply with quote

After hearing this, I am removing it from my system. :D
Back to top
View user's profile Send private message
micmac
l33t
l33t


Joined: 28 Nov 2003
Posts: 993

PostPosted: Tue Nov 30, 2004 4:36 am    Post subject: Reply with quote

Pwnz3r wrote:
After hearing this, I am removing it from my system. :D


Hi,

check if you get problems with passwd. I needed to change

CRACKLIB_DICTPATH /usr/lib

to

CRACKLIB_DICTPATH /usr/lib/cracklib_dict

in /etc/login.defs, otherwise the cracklib file wasn't found and passwd couldn't test the password. I already filed it at https://bugs.gentoo.org/show_bug.cgi?id=72871

mic
Back to top
View user's profile Send private message
placeholder
Advocate
Advocate


Joined: 07 Feb 2004
Posts: 2500

PostPosted: Tue Nov 30, 2004 5:02 am    Post subject: Reply with quote

The only problem I ran into was not being able to su, which I fixed by simply changing SU_WHEEL_ONLY to no in /etc/login.defs. :wink:
Back to top
View user's profile Send private message
micmac
l33t
l33t


Joined: 28 Nov 2003
Posts: 993

PostPosted: Tue Nov 30, 2004 5:53 am    Post subject: Reply with quote

Right!

I have that set, too. But now everyone can su to root. Maybe that's not what we want. But I didn't find any other way, yet.

mic
Back to top
View user's profile Send private message
soda_popstar
Apprentice
Apprentice


Joined: 03 May 2003
Posts: 177

PostPosted: Tue Nov 30, 2004 6:04 am    Post subject: Reply with quote

What's so bad about PAM? I'm kinda uninformed on the issue... why do so many people dislike it? Are there advantages to not using it?
Back to top
View user's profile Send private message
Deranger
Veteran
Veteran


Joined: 26 Aug 2004
Posts: 1215

PostPosted: Tue Nov 30, 2004 9:48 am    Post subject: Reply with quote

Well, good luck on b0rking your system :lol:
Back to top
View user's profile Send private message
Kyro
n00b
n00b


Joined: 20 Dec 2002
Posts: 56
Location: Over here

PostPosted: Tue Nov 30, 2004 10:04 am    Post subject: Reply with quote

Oktane wrote:
Well, good luck on b0rking your system :lol:


Hey, b0rking ones system is an important part of the learning process.

... at least thats what I'm going to claim after all the systems I've borked. :D
_________________
Quis custodiet ipsos custodes?
Back to top
View user's profile Send private message
exeter
Apprentice
Apprentice


Joined: 21 Jul 2004
Posts: 189

PostPosted: Tue Nov 30, 2004 10:27 am    Post subject: Reply with quote

Kyro wrote:
Oktane wrote:
Well, good luck on b0rking your system :lol:


Hey, b0rking ones system is an important part of the learning process.

... at least thats what I'm going to claim after all the systems I've borked. :D


Lol... yeah, I have b0rked my system so bad I had to reinstall at least 3 times. This isn't even counting all the failed installs when I was first trying to get it working. I've been running gentoo about, oh, 6 months... on average, that means I b0rk the system about ever 2 months or so. Not bad, if I do say so myself... lol.
Back to top
View user's profile Send private message
TheCoop
Veteran
Veteran


Joined: 15 Jun 2002
Posts: 1814
Location: Where you least expect it

PostPosted: Tue Nov 30, 2004 10:28 am    Post subject: Reply with quote

well, i find the pam_usb module very useful. Is there any way of getting rid of pam changing the device permissons, since udev handles that now, and just have it handle auth/login?
_________________
95% of all computer errors occur between chair and keyboard (TM)

"One World, One web, One program" - Microsoft Promo ad.
"Ein Volk, Ein Reich, Ein Führer" - Adolf Hitler

Change the world - move a rock
Back to top
View user's profile Send private message
codergeek42
Bodhisattva
Bodhisattva


Joined: 05 Apr 2004
Posts: 5142
Location: Anaheim, CA (USA)

PostPosted: Tue Nov 30, 2004 4:25 pm    Post subject: Reply with quote

Fwiw, I tried removing PAM once and could not login to my system after that. Thank goodness for LiveCDs :)
_________________
~~ Peter: Programmer, Mathematician, STEM & Free Software Advocate, Enlightened Agent, Transhumanist, Fedora contributor
Who am I? :: EFF & FSF
Back to top
View user's profile Send private message
greg_g
Retired Dev
Retired Dev


Joined: 02 Mar 2003
Posts: 180

PostPosted: Tue Nov 30, 2004 5:02 pm    Post subject: Reply with quote

soda_popstar wrote:
What's so bad about PAM? I'm kinda uninformed on the issue... why do so many people dislike it? Are there advantages to not using it?


PAM was really a great thing when it came out, but the it became totally, absolutely unmainteined. Take this snippet from the pam_console module (the one that changes permissions on login):
/usr/share/doc/pam-0.77-r1/modules/README.pam_console.gz wrote:
Please note: the current version depends on too many external tools
and libraries, making it big and hard to evaluate for security.
This is only a bootstrap stage; I'll be fixing it later. I'm using
lex/yacc right now so that it is trivial to change the grammar, and
I'm using glib because I didn't want to write my own hashtables
while I was busy thinking about file locking. Don't report those
as bugs, I'll fix them later once I've ironed out the important
details...

Michael K. Johnson
Red Hat Software, Inc.

Copyright 1999 Red Hat Software, Inc.


5 years passed,so that glib dependency should have changed, right? :roll:
Back to top
View user's profile Send private message
TheCoop
Veteran
Veteran


Joined: 15 Jun 2002
Posts: 1814
Location: Where you least expect it

PostPosted: Tue Nov 30, 2004 6:38 pm    Post subject: Reply with quote

well maybe it should become maintained again, since it has the potential to be a great resource to log on using all sorts of things

If I had the time and expertise to take this up i would, but i dont, so i cant :?
Don't let this project die!
_________________
95% of all computer errors occur between chair and keyboard (TM)

"One World, One web, One program" - Microsoft Promo ad.
"Ein Volk, Ein Reich, Ein Führer" - Adolf Hitler

Change the world - move a rock
Back to top
View user's profile Send private message
JOS654
Tux's lil' helper
Tux's lil' helper


Joined: 15 Nov 2003
Posts: 101
Location: Spain - Malaga

PostPosted: Tue Nov 30, 2004 8:09 pm    Post subject: Reply with quote

ok i got a problem :/ i removed the package pam but using sudo so i dont have root access now so i cant reinstall shadow and i cant log to root any idea about what to do?
Back to top
View user's profile Send private message
codergeek42
Bodhisattva
Bodhisattva


Joined: 05 Apr 2004
Posts: 5142
Location: Anaheim, CA (USA)

PostPosted: Tue Nov 30, 2004 8:14 pm    Post subject: Reply with quote

JOS654 wrote:
ok i got a problem :/ i removed the package pam but using sudo so i dont have root access now so i cant reinstall shadow and i cant log to root any idea about what to do?
Boot from the LiveCD, mount your partitions, and chroot into your install then re-emerge anything needed. That should (hopefully) fix it.
_________________
~~ Peter: Programmer, Mathematician, STEM & Free Software Advocate, Enlightened Agent, Transhumanist, Fedora contributor
Who am I? :: EFF & FSF
Back to top
View user's profile Send private message
denstark
l33t
l33t


Joined: 02 Jun 2003
Posts: 654
Location: sd.ca.us

PostPosted: Tue Nov 30, 2004 8:16 pm    Post subject: Reply with quote

JOS654 wrote:
ok i got a problem :/ i removed the package pam but using sudo so i dont have root access now so i cant reinstall shadow and i cant log to root any idea about what to do?



lmao :)

Boot into the livecd, mount your partitions, chroot, and then emerge shadow :]
_________________
Blog
Code:
denstark> starbuck authorizes torture?
rokstar> sure they do, you tried their coffee?
Back to top
View user's profile Send private message
placeholder
Advocate
Advocate


Joined: 07 Feb 2004
Posts: 2500

PostPosted: Tue Nov 30, 2004 8:41 pm    Post subject: Reply with quote

Yeah.... Next time keep the terminal open. :P
Back to top
View user's profile Send private message
JOS654
Tux's lil' helper
Tux's lil' helper


Joined: 15 Nov 2003
Posts: 101
Location: Spain - Malaga

PostPosted: Tue Nov 30, 2004 9:29 pm    Post subject: Reply with quote

and i supposed that using sudo was better than su :lol:
well i have repaired the system but gdm wants pam at all cost so is the only package left in the system, login-pam and all package using the flag pam has been reemerged
thx for the help
Back to top
View user's profile Send private message
Lews_Therin
l33t
l33t


Joined: 03 Oct 2003
Posts: 657
Location: Banned

PostPosted: Wed Dec 01, 2004 3:01 am    Post subject: Reply with quote

Bah

I have removed PAM, and now can't su or sudo. Switching to the console to emerge anything sucks :P
Back to top
View user's profile Send private message
placeholder
Advocate
Advocate


Joined: 07 Feb 2004
Posts: 2500

PostPosted: Wed Dec 01, 2004 3:15 am    Post subject: Reply with quote

Lews_Therin wrote:
Bah

I have removed PAM, and now can't su or sudo. Switching to the console to emerge anything sucks :P

Did you try doing what I had to do(check my earlier posts)?
Back to top
View user's profile Send private message
Lews_Therin
l33t
l33t


Joined: 03 Oct 2003
Posts: 657
Location: Banned

PostPosted: Wed Dec 01, 2004 4:02 am    Post subject: Reply with quote

Pwnz3r wrote:
Lews_Therin wrote:
Bah

I have removed PAM, and now can't su or sudo. Switching to the console to emerge anything sucks :P

Did you try doing what I had to do(check my earlier posts)?


I was hoping there was a way without letting all user accounts su. Guess I'll have to do it your way though.

EDIT: and it still doesn't work.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Gentoo Chat All times are GMT
Goto page 1, 2, 3, 4, 5, 6  Next
Page 1 of 6

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum