Hi,
>>"Shaya" == Shaya Potter <[EMAIL PROTECTED]> writes:

Shaya> Just to get in a point about pam, I've been talking to a person
Shaya> here at NRL who is involved with linux, and networking security
Shaya> in general, and he feels PAM is flawed in some serious ways.
Shaya> He feels that a PAM based system can open your system to many
Shaya> different types of attacks which aren't "normal" now. That's
Shaya> not to say he doesn't like the "idea" of PAM. He thinks the
Shaya> idea is good, except that PAM's implementation is bad.

Could we have some details, please? I dislike FUD being spread with no hard references to follow. (Names, white papers, techniques, shortcomings).

Look at: http://www.opengroup.org/tech/rfc/rfc86.0.html. That is a proposal and a framework for incorporating PAM into DCE security. DCE is (IMHO) a great product, but it missed its window of opportunity, and probably DCE security is what keeps breath in the product. I think that obvious security flaws would have been addressed.

Shaya> Now, I don't know much about it, but I have a lot of respect
Shaya> for the person's opinion.

From a security perspective, I'd be crazy to put any confidence in a defect report with this kind of a reference.

manoj

ps. Also, there is http://www.opengroup.org/tech/rfc/rfc5.2.html, the Generic Security Service Application Program Interface (GSS-API), which is kinda nice.

-- 
"I don't know that atheists should be considered citizens, nor should they be considered patriots. This is one nation under God." George Bush in Free Inquiry magazine, Fall 1988
Manoj Srivastava <url:mailto:[EMAIL PROTECTED]>
Mobile, Alabama USA <url:http://www.datasync.com/%7Esrivasta/>