[SOLVED] So, there is PulseAudio... How about to begin investigating adding LinuxPAM to Slackware too?
SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
My basic understanding is that pam without kereberos would not supply enough of the features those who have asked for pam here desire to make sense adding it like that, however I only know that from following the discussion.
It does not matter if any slackbuilds I am maintaining directly depend on pam or not, their own dependencies or the dependencies of those do and I could not in good conscious submit slackbuilds that have not been tested in such a system.
My basic understanding is that pam without kereberos would not supply enough of the features those who have asked for pam here desire to make sense adding it like that, however I only know that from following the discussion.
That is exactly it. Adding PAM without adding Kerberos would be like, dare I say, adding Bluez 5 without adding PulseAudio.
My basic understanding is that pam without kereberos would not supply enough of the features those who have asked for pam here desire to make sense adding it like that, however I only know that from following the discussion.
It does not matter if any slackbuilds I am maintaining directly depend on pam or not, their own dependencies or the dependencies of those do and I could not in good conscious submit slackbuilds that have not been tested in such a system.
Sure, without Kerberos, the PAM is well limited, still strong enough to support the iTALC, an application hugely used into schools or, for example, finger-print readers, making it an interesting alternative for those who sell laptops with Linux pre-installed.
In other hand, what if PAM is adopted by Slackware and, of course, Slackbuilds.org should follow it? And it should follow, because mixing PAMified/non-PAMified packages is not the luckiest idea. What you proceed? You will accept to work under PAM?
In other hand, what if PAM is adopted by Slackware and, of course, Slackbuilds.org should follow it? And it should follow, because mixing PAMified/non-PAMified packages is not the luckiest idea. What you proceed? You will accept to work under PAM?
If that happens, I have no doubt that most if not all SlackBuilds maintainers will adapt their scripts accordingly. But they will have to do that only once and cope with only one situation (no option with/without PAM) thus the flow of support requests addressed to them probably won't increase too much due to the new situation. This has been already pointed out many times in this thread.
But this is very hypothetical and is unlikely to happen in the current development cycle, so wait and see.
"What if" is generally a good question but also reminds me our old saying: "Avec des si, on mettrait Paris en bouteille" (with ifs one would put Paris in a bottle).
Last edited by Didier Spaier; 01-29-2016 at 05:08 PM.
Location: Geneva - Switzerland ( Bordeaux - France / Montreal - QC - Canada)
Distribution: Slackware 14.2 - 32/64bit
Posts: 609
Rep:
Quote:
Originally Posted by Didier Spaier
"What if" is generally a good question but also reminds me our old saying: "Avec des si, on mettrait Paris en bouteille" (with ifs one would put Paris in a bottle).
Side note for non-french speaking ones: a pun comes from "if" ('si' in french) sounding likes "saw" ('scie' in french), so you can understand the direct sense "with some ifs you can", or the double-sense "with some saws you can".
If it's only accessible locally... I tend to be very suspicious about those "web interface" which are so standard that every black hat can "robotize" any attacks... I know it's a trend, but I find that very unsafe. Of course if you change port and use an unconventional location + ssl it reduces the risk, but... Well maybe "I'm to old for this shit", but I'd rather use terminal only configuration (editor, custom script whatever BUT a WWW frontend ).
BTW, I can understand in your case, moreover if you can delegate user add/remove to some "school manager", it will be simpler to use for someone who's not a power-user.
How many people lost their data using "phpmyadmin" and leaving it in the default location ?
Oups sorry, I added a layer of pollution to this thread .
A PAMified Slackware will require probably less burden[1], because will not require to patch the things to work only with shadow authentication, the Slackware affiliated programmers will have also less headaches[3], trying to make the develop patches and even bigger things, to support, again, the shadow authentication, while, as even Our Dear Leader agree, we will run code much more tested, then more secure[2] and stable.
So, picking avoiding the PAM, you will obtain instead: more burden, less secure and more headache.
Well, our POV is different on this
Adding PAM adds more burden since you need to make sure all packages in slackware works with PAM. Slackware works without PAM and still doing it's job up to now
Is there any good resource that adding PAM will add security and stability? Looking it's past track record, i saw otherwise
Is there any good resource that adding PAM will add security and stability? Looking it's past track record, i saw otherwise
As Our Dear Leader said, avoiding PAM make us to use code less tested and more prone to bugs. In other words, using PAM will add security and stability. And I hope that Patrick Volkerding is a good resource for you. Or you believe you're more catholic than the Pope?
And, one can understand why, Slackware being the only major distribution which still don't use PAM, then all apllications try their best to use right the PAM environment.
In other hand, LinuxPAM as being full of security problems is just one children scaring story which you, our dear package developers, from SBo or whatever, like to tell us...
Last edited by Darth Vader; 01-30-2016 at 03:36 AM.
Would you please tell me which PAMified distro normally used for this purpose?
Considering that every other major distribution sports PAM, you can say there your weapon of choice...
In our case, that's OpenSUSE, and when the end-user vehement and precise wants that, Ubuntu.
For those who don't know yet, iTALC is an application for remote monitoring and control, by the teacher of student computers, widely used by the schools who dare to teach (under) Linux.
And it need (only) basic LinuxPAM and LDAP/AD to do its job, no shiny Kerberos is required.
Maybe one day our Proud Slackwarians will understand that from so much personal Pride, their children (or better, nephews?) learn how to use Ubuntu instead.
Last edited by Darth Vader; 01-30-2016 at 03:47 AM.
As Our Dear Leader said, avoiding PAM make us to use code less tested and more prone to bugs. In other words, using PAM will add security and stability. And I hope that Patrick Volkerding is a good resource for you. Or you believe you're more catholic than the Pope?
And, one can understand why, Slackware being the only major distribution which still don't use PAM, then all apllications try their best to use right the PAM environment.
In other hand, LinuxPAM as being full of security problems is just one children scaring story which you, our dear package developers, from SBo or whatever, like to tell us...
PAM code is technically no more or less stable than non-PAM. PAM code receives more testing for Security testing needs, but it still receives testing as well for general usage purposes.
Packages can be heavily tested and be stable or unstable just as much as packages lighted tested can be equally stable or unstable. Take upstream with a grain of salt over their claims.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.