The debian-private mailing list leak, part 1. Volunteers have complained about Blackmail. Lynchings. Character assassination. Defamation. Cyberbullying. Volunteers who gave many years of their lives are picked out at random for cruel social experiments. The former DPL's girlfriend Molly de Blanc is given volunteers to experiment on for her crazy talks. These volunteers never consented to be used like lab rats. We don't either. debian-private can no longer be a safe space for the cabal. Let these monsters have nowhere to hide. Volunteers are not disposable. We stand with the victims.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Need status reports on PAM and LIBC 6, please



Christoph Lameter wrote:
> 
> Did you talk with Morgan about the issues?

This is the first I've heard from anyone on the Debian list.. (in 6 months).
[I am not subscribed so please email me if you want my comments.]

> On Wed, 15 Jan 1997, Galen Hazelwood wrote:
> galenh >Bruce Perens wrote:
> galenh >> 
> galenh >> I would like to see a status report on PAM. Is it solid enough to put it in
> galenh >> "bo" now? We need to make a go-or-no-go decision on it soon. What is our
> galenh >> fall-back plan if PAM is still not ready? Do we deploy shadow password
> galenh >> everywhere and save PAM for later?
> galenh >> 

pam-0.55 only has two known bugs: pam_warn and pam_mail are broken.. These
will be fixed in the next alpha release: 0.56preA, but are not
vital/necessary for the operation of a Linux box. (There are a number of
modules that use libpwdb -- you can choose not to build these when you
compile with a top-level Makefile define.)

I would be more concerned that you have sufficient login etc.. applications
that use PAM and can fill your system with. I have written three from
scratch: su/login and passwd. The first two do not use libc's getpw..
functions but libpwdb instead. It should not be that hard to make them use
libc if you really need this, but then they will have trouble with radius
and all the other things that are getting integrated into libpwdb.

On the other hand Red Hat have done the work to hack most applications (ftp
etc. included) to use pam. They have been shipping their distributions with
PAM for 5 months now. Incidentally, they use su and login based on the poe
ones, but their passwd application is an older version of mine.

> galenh >I've been having a terrible time with the 0.55 sources, which I
> galenh >downloaded out of curiosity.  My gut feeling is "no go".  Let's just

If there are any problems regarding PAM I would appreciate some email on
them. PAM is being deployed around the world at a frighteningly fast rate.
All problems are potential security problems and I will sleep better at
night to think they are being fixed. At the very least, difficulties
configuring PAM should be better explained in the documentation.

> galenh >deploy shadow password support, PAM supports shadow passwords anyway.
> galenh >Does anybody have a more informed opinion?

For the record 1.00 will be the first official release (which I will
announce on c.o.l.a). I anticipate this will be before June. All releases
prior to this are beta. Anything with a 'pre' in the title is alpha.

Best wishes

Andrew
-- 
               Linux-PAM, libpwdb, Orange-Linux and Linux-GSS
                  http://parc.power.net/morgan/index.html
       [ For those that prefer FTP  ---  ftp://ftp.lalug.org/morgan ]


--
Please respect the confidentiality of material on the debian-private list.
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-private-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com