Petition for the inclusion of PAM in the next Slackware release
SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Our favourite Linux distribution has always had a conservative approach to change, which is inherently a good thing. No dramatic changes for the sake of change, no useless "technology previews", no automatic GUI assistants that will overwrite our configuration files. Changes are only introduced in small incremental steps and without drama, which makes Slackware one of the most boring distributions around. Boring is good, because administrators of boring systems usually sleep well at night. I love boring, and I love Slackware.
This being said, there is one component that Slackware has decided not to include until this day: Linux-PAM. Early versions of PAM have had some bad press, but these days seem to be long gone. Today, unfortunately, the absence of PAM has become more of a showstopper than an actual feature. For this reason, I'd like to initiate a petition to include it in the next release.
Some thoughts on this subject, in no particular order.
The casual desktop user won't have to change any of his habits. The presence of PAM will most certainly go unnoticed.
Server admins will have to add the odd line in a configuration file.
Including PAM will open up Slackware to the enterprise world. I know this sounds a bit "grand", but secure LDAP authentication requires PAM (and all other suggested solutions are messy workarounds).
Unlike other software (like MATE, GNOME, Enlightenment, Steam, etc.), PAM cannot be maintained as an external third-party project, since it involves rebuilding a considerable amount of core Slackware packages.
Vincent Batts does maintain a collection of PAM-ified Slackware packages, but these are designed for current, and though this project may actually work fine, it can only be considered experimental.
If you run Slackware on your servers and would like your favourite distribution to include PAM, let your voice be heard in this thread.
I didn't even know there were different implementations. Thanks for pointing it out. On the other hand, I fully trust Patrick to make the right choice in that matter.
If it's invisible to the user and doesn't complicate permission handling and access to resources, or become a permission nightmarish hell, then yes it should be considered, but only if the implementation is kept sane and minimal to a generalized instance without overt complexity.
There are at least three PAM implementations, Solaris PAM (the original), Linux-PAM (the free version of Solaris PAM), and OpenPAM (sponsored by NetBSD and FreeBSD).
I think OpenBSD uses something similar to PAM (BSD Authentication), but it uses static libraries rather than dynamic libraries and has a few different controls regarding permission handling, resource accessibility, and other user/group issues.
Our favourite Linux distribution has always had a conservative approach to change, which is inherently a good thing. No dramatic changes for the sake of change, no useless "technology previews", no automatic GUI assistants that will overwrite our configuration files. Changes are only introduced in small incremental steps and without drama, which makes Slackware one of the most boring distributions around. Boring is good, because administrators of boring systems usually sleep well at night. I love boring, and I love Slackware.
This being said, there is one component that Slackware has decided not to include until this day: Linux-PAM. Early versions of PAM have had some bad press, but these days seem to be long gone. Today, unfortunately, the absence of PAM has become more of a showstopper than an actual feature. For this reason, I'd like to initiate a petition to include it in the next release.
Some thoughts on this subject, in no particular order.
The casual desktop user won't have to change any of his habits. The presence of PAM will most certainly go unnoticed.
Server admins will have to add the odd line in a configuration file.
Including PAM will open up Slackware to the enterprise world. I know this sounds a bit "grand", but secure LDAP authentication requires PAM (and all other suggested solutions are messy workarounds).
Unlike other software (like MATE, GNOME, Enlightenment, Steam, etc.), PAM cannot be maintained as an external third-party project, since it involves rebuilding a considerable amount of core Slackware packages.
Vincent Batts does maintain a collection of PAM-ified Slackware packages, but these are designed for current, and though this project may actually work fine, it can only be considered experimental.
If you run Slackware on your servers and would like your favourite distribution to include PAM, let your voice be heard in this thread.
Cheers,
Niki
I completely agree with this petition. In today's Enterprise environment, without PAM, you, as Linux distribution, you have same chances as a fish living in Sahara Desert.
Even I, I earn my everyday bucks, maintaining a little in-house distribution, for a European Company, which distribution is essentially just Slackware without the desktop part, BUT having integrated, in plus, (Linux-)PAM, and everything built with the target i686.
I'm OK with the setup of PAM on FreeBSD: It's crisp, sharp, and doesn't get in the way. However, I've not known the step after installing the OpenPAM pre-packaged source code for Linux, i.e., where are the useful PAM modules? Does a FreeBSD-style password database have to be installed, or am I missing something obvious and need to read the instructions again?
Therefore, if I need PAM, it ends up being Linux-PAM because I can get it working out of the box and have it maintain shadow passwords. But it's not the solution I was looking for...if nothing else, that mushy password pause drives me nuts. Maybe that's a deliberate security pause that can be shut off?
I'll leave this up to Pat, simply because I'm not trying to run Linux as a desktop on a Samba network with winbindd and such. Current PAM needs are satisfactory. Should I try Wayland/Weston again, PAM will be helpful again.
Last edited by mlslk31; 12-03-2014 at 09:43 AM.
Reason: low-sleep revision: PAM is mushy even on successful logons
I have a particular interest in improving Slackware's suitability to Enterprise use, and was really hoping someone else would provide a PAM solution before I got around to working on it. Been kicking it down the road while working (slowly) on glusterfs and etcd SlackBuilds.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.