View previous topic :: View next topic |
Did/do you like PAM? |
Not at all! |
|
39% |
[ 219 ] |
I don't care - stop bothering me! |
|
39% |
[ 219 ] |
Yes, I cannot be without PAM. |
|
20% |
[ 114 ] |
|
Total Votes : 552 |
|
Author |
Message |
gungholady Guru
Joined: 19 Oct 2003 Posts: 392
|
Posted: Thu Mar 03, 2005 10:47 am Post subject: |
|
|
I had to mask the newest version of gdm because it wanted to pull in pam. I don't want pam on my system. Can someone that is good at it please do an ebuild for gdm without pam? |
|
Back to top |
|
|
micmac l33t
Joined: 28 Nov 2003 Posts: 996
|
Posted: Thu Mar 03, 2005 2:29 pm Post subject: |
|
|
It's just nice to keep things simple. In case I don't like device perms I can just edit /etc/udev/permissions.d/50-udev.permissions. To be honest, I just had to change 1 line and add 2.
dvb/*:root:video:0660 ## added
hdc:root:cdrom:660 ## "
hda*:root:disk:660 #changed
So it appears to me that the default permissions must be usable So why PAM for my box?
I don't use sshd or the like which can use PAM authentication. So I don't miss PAM.
Later
mic |
|
Back to top |
|
|
Imago Apprentice
Joined: 25 Nov 2004 Posts: 157 Location: Germany
|
Posted: Thu Mar 03, 2005 3:51 pm Post subject: |
|
|
lefsha wrote: |
I see. But kind of programs you mean? The programs which I need at home.
|
just take your login application(login/qingy/kdm/gdm/entrance/whatever) as an example.
Im pretty sure you need one of them at your system
lefsha wrote: |
Contra-productive from your side. I can call a lot of thing which are
contra-productive in Gentoo, but it is not common opinion.
|
Not only from my side, but from a more general technical point of view. It just makes more sense to move common used code to a library and provide a proper interface for applications to use it. Thats one of the basic principle in the world of software engineering.
lefsha wrote: |
You are right, from this point of view. But! Why I should have something I can live without.
|
jupp, you could also nuke all of the {jpeg,png,gif}libs from your system and let the applications handle
all that stuff themselves.
But again, that doesnt make much sense, see above.
lefsha wrote: |
I would say, that Gentoo or better to say Linux is bloated.
Because every brave (not german word ) guy thinks that his realization of some lib
is better then other. So we have thousend of realization of the same lib.
And to work with Linux properly I need all of them.
|
That might be true to a certain extend.But thats not a problem of Linux, but one side-effect of the open source world in general.
micmac wrote: |
It's just nice to keep things simple. In case I don't like device perms I can just edit /etc/udev/permissions.d/50-udev.permissions. To be honest, I just had to change 1 line and add 2.
|
Thats also the way I handle it
Just switch off the pam module which handles device permissions.(which is going to be "off" by default in future)
CU
Imago |
|
Back to top |
|
|
Rafal_Glazar Apprentice
Joined: 10 Jul 2004 Posts: 167 Location: Rzeszow, Poland
|
Posted: Thu Mar 03, 2005 5:14 pm Post subject: |
|
|
gungholady wrote: | I had to mask the newest version of gdm because it wanted to pull in pam. I don't want pam on my system. Can someone that is good at it please do an ebuild for gdm without pam? |
There you have it. There are ebuilds for gdm 2.6.0.6 and 2.6.0.7. Both compiles fine. Gdm 2.6.0.6 works fine. As for 2.6.0.7 I dont know cause I dont use it so be warned. _________________ "All I ask for is choice. I want to be able to go into any store you can buy a computer in and say, "I want ______ OS on this computer." Is that too much to ask? We can't always be looking out Windows. We also need to get work done." - Bill Olson |
|
Back to top |
|
|
smitten n00b
Joined: 19 Sep 2004 Posts: 51
|
|
Back to top |
|
|
gungholady Guru
Joined: 19 Oct 2003 Posts: 392
|
Posted: Fri Mar 04, 2005 2:26 am Post subject: |
|
|
Rafal_Glazar wrote: | gungholady wrote: | I had to mask the newest version of gdm because it wanted to pull in pam. I don't want pam on my system. Can someone that is good at it please do an ebuild for gdm without pam? |
There you have it. There are ebuilds for gdm 2.6.0.6 and 2.6.0.7. Both compiles fine. Gdm 2.6.0.6 works fine. As for 2.6.0.7 I dont know cause I dont use it so be warned. |
Thank you. I'll give it a try. |
|
Back to top |
|
|
placeholder Advocate
Joined: 07 Feb 2004 Posts: 2500
|
Posted: Fri Mar 04, 2005 1:24 pm Post subject: |
|
|
You guys could just use XDM. As long as Xorg is compiled with -pam it will not require it and it is faster than GDM and IMO, lighter is better. |
|
Back to top |
|
|
adaptr Watchman
Joined: 06 Oct 2002 Posts: 6730 Location: Rotterdam, Netherlands
|
Posted: Tue Mar 08, 2005 3:31 pm Post subject: |
|
|
greg_g wrote: | soda_popstar wrote: | What's so bad about PAM? I'm kinda uninformed on the issue... why do so many people dislike it? Are there advantages to not using it? |
PAM was really a great thing when it came out, but the it became totally, absolutely unmainteined. Take this snippet from the pam_console module (the one that changes permissions on login):
/usr/share/doc/pam-0.77-r1/modules/README.pam_console.gz wrote: | Please note: the current version depends on too many external tools
and libraries, making it big and hard to evaluate for security.
This is only a bootstrap stage; I'll be fixing it later. I'm using
lex/yacc right now so that it is trivial to change the grammar, and
I'm using glib because I didn't want to write my own hashtables
while I was busy thinking about file locking. Don't report those
as bugs, I'll fix them later once I've ironed out the important
details...
Michael K. Johnson
Red Hat Software, Inc.
Copyright 1999 Red Hat Software, Inc.
|
5 years passed,so that glib dependency should have changed, right? |
Okay.. so it's not really maintained.
That answers neither his original question nor my own: why should one use or not use PAM ?
Not saying that you should know, you understand
I've never used a system without PAM (RedHat, Debian, Gentoo) so I guess I've always assumed it was good for something.
So... IS it actually good for something, or can all of its functionality be accomplished some other way ? _________________ >>> emerge (3 of 7) mcse/70-293 to /
Essential tools: gentoolkit eix profuse screen |
|
Back to top |
|
|
Voltago Advocate
Joined: 02 Sep 2003 Posts: 2593 Location: userland
|
Posted: Tue Mar 08, 2005 4:49 pm Post subject: |
|
|
Pwnz3r wrote: | You guys could just use XDM. As long as Xorg is compiled with -pam it will not require it and it is faster than GDM and IMO, lighter is better. |
And also butt-ugly. |
|
Back to top |
|
|
Omega21 l33t
Joined: 14 Feb 2004 Posts: 788 Location: Canada (brrr. Its cold up here)
|
Posted: Wed Mar 09, 2005 6:25 am Post subject: |
|
|
PLEEEEEAAASSSSEEEEE dont laugh at me... whats this PAM you speak of?
It sounds awfully negative? _________________ iMac G4 1GHz :: q6600 //2x 500GB//2GB RAM//8600GT//Gentoo :: MacBook Pro//2.53GHz |
|
Back to top |
|
|
flazz Guru
Joined: 22 Nov 2003 Posts: 496 Location: Florida
|
Posted: Wed Mar 09, 2005 7:28 am Post subject: |
|
|
pam pissed me off twice already: once by not letting me have remote x connections through ssh, and after i updated system only root could access my cdrom.
is pam supposed to get more standardized in gentoo or is udev going to take over as the default method inthe base system?
can someone compare and contrast pam and udev. |
|
Back to top |
|
|
micmac l33t
Joined: 28 Nov 2003 Posts: 996
|
Posted: Fri Mar 11, 2005 1:13 am Post subject: |
|
|
Voltago wrote: | Pwnz3r wrote: | You guys could just use XDM. As long as Xorg is compiled with -pam it will not require it and it is faster than GDM and IMO, lighter is better. |
And also butt-ugly. |
lol, totally true. But it does the job.
mic |
|
Back to top |
|
|
rukka n00b
Joined: 31 Dec 2004 Posts: 47 Location: Hesse
|
Posted: Sun Mar 13, 2005 2:34 am Post subject: |
|
|
Oktane wrote: | Hmm, I've been very satisfied with my PAM-free Gentoo but I noticed that lastlog doesn't keep track of last logins:
Code: |
username tty3 **Never logged in**
|
I am 95% sure this has something to do with PAM, or actually lack of it Same goes for logging in; it doesn't show last time when I logged in. |
I'm late but ...
Following: Grab this little 4 line patch, apply it and "lastlog" keeps track of your last logins. A simple "last | head" always showed the correct logins, no matter what lastlog said. With this patch your PAM-free system is perfekt.
Greetings, rukka |
|
Back to top |
|
|
WhimpyPeon Apprentice
Joined: 18 Oct 2003 Posts: 158 Location: Columbus, Nebraska
|
Posted: Sun Mar 20, 2005 3:40 am Post subject: Pam Freedom |
|
|
Me pam free!
I just got done compiling the last of everything. Had a couple of bugs already mentioned (gnome, openoffice) and one I had not seen with sshd (use pam) in the config. I don't know if it's the clean compiles of newer versions I needed to update badly, but my computer seems much happier and responsive.
Wooo Hooo! |
|
Back to top |
|
|
MrApples Guru
Joined: 13 Dec 2002 Posts: 511
|
Posted: Sun Mar 20, 2005 7:37 am Post subject: |
|
|
Voltago wrote: | Pwnz3r wrote: | You guys could just use XDM. As long as Xorg is compiled with -pam it will not require it and it is faster than GDM and IMO, lighter is better. |
And also butt-ugly. | it doesnt have to be, you can make xdm look great _________________ http://www.whatsinyourbox.org -- Technology discussion, news, and more. |
|
Back to top |
|
|
kamagurka Veteran
Joined: 25 Jan 2004 Posts: 1026 Location: /germany/munich
|
Posted: Fri Apr 15, 2005 2:00 pm Post subject: |
|
|
quick question:
When I boot I now get a lot of "syntax errors" from /etc/security/console.perms; if I understand correctly, /etc/security is the pam directory, and should be safe to remove now, right? _________________ If you loved me, you'd all kill yourselves today.
--Spider Jerusalem, the Word |
|
Back to top |
|
|
gentoo_lan l33t
Joined: 08 Sep 2004 Posts: 891 Location: Charles Town, WV
|
Posted: Sat Apr 30, 2005 9:36 pm Post subject: |
|
|
So does anyone have any ideas on how to get entrance to work without pam? I have been unsuccessful but I was hoping someone had some ideas on how to do this. |
|
Back to top |
|
|
afabco Guru
Joined: 24 Feb 2004 Posts: 380
|
Posted: Tue May 24, 2005 3:16 am Post subject: |
|
|
taking tentative steps to become pam-free.
I put -pam in make.conf USE.
# emerge -C pam pam-login shadow
# emerge shadow
wget barfs with a pam dependency, so....
# USE="-ssl -pam" emerge wget
<snip>
/usr/lib/gcc/i686-pc-linux-gnu/3.4.3-20050110/../../../../i686-pc-linux-gnu/bin/ld: cannot find -lpam
collect2: ld returned 1 exit status
make[1]: *** [wget] Error 1
make[1]: Leaving directory `/var/tmp/portage/wget-1.9.1-r5/work/wget-1.9.1/src'
make: *** [src] Error 2
what to do now?
thx _________________ Anyone who puts a small gloss on a fundamental technology, calls it proprietary, and then tries to keep others from building on it, is a thief.
-Tim O'Reilly |
|
Back to top |
|
|
Scorpion265 Tux's lil' helper
Joined: 05 May 2005 Posts: 129 Location: Kansas City, MO
|
Posted: Tue May 31, 2005 4:14 am Post subject: |
|
|
I myself am not a big fan of pam, it always seemed to get in the way of things. Let me get one thing straight, if I rebuild a system (I always do a stage1) it will be with out pam? or do I have to specify that in /etc/make.conf? |
|
Back to top |
|
|
zeveck Apprentice
Joined: 17 Mar 2005 Posts: 173 Location: Boston, MA
|
Posted: Sun Jun 26, 2005 5:11 pm Post subject: |
|
|
After removing PAM I get this whenever I try to login and enter a bad login/password:
Code: | This is \n.\O (\s \m \r) \t |
Anybody else seen this? know where it is coming from? how to get rid of it? |
|
Back to top |
|
|
zeveck Apprentice
Joined: 17 Mar 2005 Posts: 173 Location: Boston, MA
|
Posted: Sun Jun 26, 2005 5:26 pm Post subject: |
|
|
It appears that vlock requires PAM.
It does not have any USE flags associated, but I can see in the compiling instructions:
Code: | gcc -O2 -march=penium2 -DUSE_PAM -c -o vlock.o vlock.c |
How would I fix this? Should I report it as a bug? What's the best way to do that? |
|
Back to top |
|
|
sdk n00b
Joined: 26 Mar 2003 Posts: 58 Location: Russia, Rostov-on-Don
|
Posted: Mon Jun 27, 2005 8:47 pm Post subject: |
|
|
Just removed pam today .
But there's one problem - I can't 'sudo' at all.
'su' began to work, after I set SU_WHEEL_ONLY to 'no' (thanks for this), but still no luck with sudo.
I've added
to /etc/sudoers, but it doesn't accept root password - it says that it's incorrect. I've tried several times to be sure that I type it correctly.
Any ideas what's wrong with my lovely "sudo"? _________________ Sorry for bad English, my $native_language = $perl |
|
Back to top |
|
|
micmac l33t
Joined: 28 Nov 2003 Posts: 996
|
Posted: Tue Jun 28, 2005 8:34 pm Post subject: |
|
|
Have you recompiled sudo? Because the ebuild has a pam USE flag, too. You can check with
emerge -uD --newuse world -pv
which ebuilds are affected by your USE flag changes.
Cheers
mic |
|
Back to top |
|
|
gregw Tux's lil' helper
Joined: 20 Nov 2004 Posts: 106 Location: Warrington, Cheshire, England
|
Posted: Thu Aug 11, 2005 12:43 pm Post subject: |
|
|
PAM is without doubt the most useless piece of software I have ever come across. (Actually the 2nd, the first has to be Windoze XP )
Why?
1) .conf files are meaningless
2) It has beginnings in the Dead Rat project
3) Things always break when it updates
4) I dont need that level of "protection" on this box
5) If I needed more protection I'll use SELinux with mandatory access control
I feel better now!!!!!
GregW |
|
Back to top |
|
|
totopo n00b
Joined: 29 Sep 2004 Posts: 73 Location: Austria
|
Posted: Fri Oct 07, 2005 8:43 am Post subject: it's too much |
|
|
It's too much, what should I do to ge rid of PAM?
Please help
Code: |
# equery depends pam
[ Searching for packages depending on pam... ]
dev-libs/cyrus-sasl-2.1.20
dev-util/cvs-1.12.12-r2
gnome-base/gdm-2.8.0.3
kde-base/kdebase-pam-6
mail-client/pine-4.63-r3
net-fs/samba-3.0.14a-r2
net-mail/mailbase-1
net-misc/openssh-3.9_p1-r3
net-print/cups-1.1.23-r1
sys-apps/pam-login-3.17
sys-apps/util-linux-2.12r
sys-apps/shadow-4.0.7-r4
sys-process/vixie-cron-4.1-r8
x11-misc/xscreensaver-4.22-r4
|
|
|
Back to top |
|
|
|