:: Re: [DNG] PAM usage
Top Page
Delete this message
Reply to this message
Author: Rainer Weikusat
Date:  
To: dng
Subject: Re: [DNG] PAM usage
Teodoro Santoni <asbrasbra@???> writes:
> 2016-01-04 21:43 GMT+01:00, Rainer Weikusat <rainerweikusat@???>:
>> karl@??? writes:
>>> chaosesqueteam@???:
>>>> I don't understand the desire to change it at all.
>>>
>>> And neither do I.
>>> Except someone talked about ssl libs.
>>
>> Someone wrote about some PAM module which would require OpenSSL. No such
>> PAM module currently exists on my system and I don't quite understand
>> why 'PAM modules' would be needed for booting a system, anyway.
>
> Nothing is impossible and someone may wish to integrate his/her wordpress' login
> credentials with the computer(s) he/she manage.
> I recognize it's a stupid example.


It's certainly possible to program something like this but even the
'mount /usr in initramfs' Debian-text admits that there's presently
nothing which would need this, just something 'someone' might create
in future. Within the envisioned 'release goal', the only practical
effect is thus to break systems using /usr on a distinctive partition
but no initramfs ("Know them by their fruits"?), or at least, the text
claims this. But the UNIX(*)-filesystem namespace is supposed to be
device-independent and in absence of the special case of 'software
needed to boot the system', no two directories are required to reside on
the same physical device. That's a fundamental property of the system
which exists completely indepedently of someone's inability (or
unwillingness) to imagine of something this could be good for.

[...]

> But do any of you find useful to have PAM? Do any of you need
> single-sign-on, TPM, smart-cards that unlock ttys, integrate kerberos
> with linux, or the like?


I've actually used PAM for transparently migrating a flat-file based
multi-user 'workplace server' to Kerberos which came in very handy when
(after the death of the last 'real' X-terminal) the complete
installation was migrated to SunRays. But that was more than ten years
ago and a part of the only 'volunteering'[*] task I'm ever going to do.

[*] The people profitting from something like this typically don't care
    because "it's free" but there are truckloads of people who don't
    profit from the 'management position' in the way they believe they
    could wasn't it done by someone else (and were they willing to put
    any real work in) and this makes for seriously ugly endings ...