My basic understanding is that pam without kereberos would not supply enough of the features those who have asked for pam here desire to make sense adding it like that, however I only know that from following the discussion.

It does not matter if any slackbuilds I am maintaining directly depend on pam or not, their own dependencies or the dependencies of those do and I could not in good conscious submit slackbuilds that have not been tested in such a system.

That is exactly it. Adding PAM without adding Kerberos would be like, dare I say, adding Bluez 5 without adding PulseAudio.

6 members found this post helpful.

Sure, without Kerberos, the PAM is well limited, still strong enough to support the iTALC, an application hugely used into schools or, for example, finger-print readers, making it an interesting alternative for those who sell laptops with Linux pre-installed.

In other hand, what if PAM is adopted by Slackware and, of course, Slackbuilds.org should follow it? And it should follow, because mixing PAMified/non-PAMified packages is not the luckiest idea. What you proceed? You will accept to work under PAM?

But will be better than nothing.

I will suggest to think to a single application, wanting PAM only: iTALC

And I know well why I treat that application very serious: iTALC being widely used into schools.

If that happens, I have no doubt that most if not all SlackBuilds maintainers will adapt their scripts accordingly. But they will have to do that only once and cope with only one situation (no option with/without PAM) thus the flow of support requests addressed to them probably won't increase too much due to the new situation. This has been already pointed out many times in this thread.

But this is very hypothetical and is unlikely to happen in the current development cycle, so wait and see.

"What if" is generally a good question but also reminds me our old saying: "Avec des si, on mettrait Paris en bouteille" (with ifs one would put Paris in a bottle).

1 members found this post helpful.

This would also be nice.

https://www.ldap-account-manager.org/lamcms/

Side note for non-french speaking ones: a pun comes from "if" ('si' in french) sounding likes "saw" ('scie' in french), so you can understand the direct sense "with some ifs you can", or the double-sense "with some saws you can".

It was my 5 cents for "culture".

1 members found this post helpful.

If it's only accessible locally... I tend to be very suspicious about those "web interface" which are so standard that every black hat can "robotize" any attacks... I know it's a trend, but I find that very unsafe. Of course if you change port and use an unconventional location + ssl it reduces the risk, but... Well maybe "I'm to old for this shit", but I'd rather use terminal only configuration (editor, custom script whatever BUT a WWW frontend ).

BTW, I can understand in your case, moreover if you can delegate user add/remove to some "school manager", it will be simpler to use for someone who's not a power-user.

How many people lost their data using "phpmyadmin" and leaving it in the default location ?

Oups sorry, I added a layer of pollution to this thread .

Cheers,

Garry.

Interesting package

Would you please tell me which PAMified distro normally used for this purpose?

Well, our POV is different on this
Adding PAM adds more burden since you need to make sure all packages in slackware works with PAM. Slackware works without PAM and still doing it's job up to now

Is there any good resource that adding PAM will add security and stability? Looking it's past track record, i saw otherwise

As Our Dear Leader said, avoiding PAM make us to use code less tested and more prone to bugs. In other words, using PAM will add security and stability. And I hope that Patrick Volkerding is a good resource for you. Or you believe you're more catholic than the Pope?

And, one can understand why, Slackware being the only major distribution which still don't use PAM, then all apllications try their best to use right the PAM environment.

In other hand, LinuxPAM as being full of security problems is just one children scaring story which you, our dear package developers, from SBo or whatever, like to tell us...

Is there any good resource that adding PAM will remove security and stability?

Considering that every other major distribution sports PAM, you can say there your weapon of choice...

In our case, that's OpenSUSE, and when the end-user vehement and precise wants that, Ubuntu.

For those who don't know yet, iTALC is an application for remote monitoring and control, by the teacher of student computers, widely used by the schools who dare to teach (under) Linux.

And it need (only) basic LinuxPAM and LDAP/AD to do its job, no shiny Kerberos is required.

Maybe one day our Proud Slackwarians will understand that from so much personal Pride, their children (or better, nephews?) learn how to use Ubuntu instead.

1 members found this post helpful.

Jeremy, would you consider replacing that Hat Tip gif with goatse? It would be slightly less annoying.

8 members found this post helpful.

PAM code is technically no more or less stable than non-PAM. PAM code receives more testing for Security testing needs, but it still receives testing as well for general usage purposes.

Packages can be heavily tested and be stable or unstable just as much as packages lighted tested can be equally stable or unstable. Take upstream with a grain of salt over their claims.

5 members found this post helpful.