On Freitag 23 Januar 2009, Norberto Bensa wrote: > On Fri, Jan 23, 2009 at 1:03 AM, Volker Armin Hemmann > > <volkerar...@googlemail.com> wrote: > > in the past pam breakage caused login trouble, > > In the past... Like when there's were not enough documentation or it > was too cryptic? > > > so, could you please answer mine now: > > why should pam be used in the first place on a usual server/desktop which > > has restricted access anyway? > > That was not your question. You redefined it, but I'll answer anyway: > > PAM helps you to have a stackable authentication system like: > > Kerberos > LDAP > Files > > If kerberos is available use it. If not, try ldap, and if that fails > too, use files (passwd/shadow) Or you could combine the three > methods!! (but you'll have to type up to three passwords) Or maybe you > have a pendrive with a digital certificate you want to use to > authenticate privileged users. What about biometrics (fingerprints, > etc) combined with passwords and/or digital certificates?
so nothing 90% of all users ever use or need. > > About security. I fail to see how removing PAM will magically make > your system more secure. if you don't use any of that 'stackable' stuff or other features and you remove pam, you don't have to worry about pam securtiy problems.
