On Thu, 23 Jul 2015 18:12:28 -0400
Garance A Drosehn wrote:

> > to write software defensively if you want PAM to not fuck you over.
>
> It happens that I'm setting up some new (to me) RHEL 7 systems right now,
> and way too much time has been spent fighting with PAM (and I'm not done
> yet). So I'll energetically agree with everything Marc says here. Just
> a few days ago I was talking with one of the other systems-programmers here
> at RPI saying how all of PAM should be ripped out and done over. We
> happened to be talking about a different failure scenario, but it (PAM)
> has always been a headache for me, almost every time I've dealt with it.

Actually it is perfectly well engineered to bring in support revenues to Red Hat. Forgive my cynicism but I wouldn't be surprised. I also wouldn't be surprised if banks probably changed the contactless cards design in the UK *after* the security audit and refused to fix it for over two years before Apple paid news agencies to make a fuss upon release of Apple Pay, because banks want large fraud numbers to give them somewhere to hide their own "financial engineering" and may have to invent some new fraud-causing systems if forced to fix the blatant idiocy.

p.s. The guidance is to use pubkey or long passwords, in which case you should either have no problem or notice the CPU cycles if you're an admin worth any salt.