On Fri, Jan 23, 2009 at 1:03 AM, Volker Armin Hemmann <volkerar...@googlemail.com> wrote:
> in the past pam breakage caused login trouble, In the past... Like when there's were not enough documentation or it was too cryptic? > so, could you please answer mine now: > why should pam be used in the first place on a usual server/desktop which has > restricted access anyway? That was not your question. You redefined it, but I'll answer anyway: PAM helps you to have a stackable authentication system like: Kerberos LDAP Files If kerberos is available use it. If not, try ldap, and if that fails too, use files (passwd/shadow) Or you could combine the three methods!! (but you'll have to type up to three passwords) Or maybe you have a pendrive with a digital certificate you want to use to authenticate privileged users. What about biometrics (fingerprints, etc) combined with passwords and/or digital certificates? About security. I fail to see how removing PAM will magically make your system more secure.
