Re: systematic Kerberization

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 11 May 2004, Havoc Pennington wrote:

> So the message I've gotten from others is "Windows solves this problem
> and Linux does not" and they were aware of the ability to set up a local
> passwd file when complaining.
> 
> I think the question we have to answer is why is there a perceived
> deficiency vs. Windows, and can we address that without fundamental
> security problems. Appears the perceived deficiency would include 1) we
> aren't working out of the box, only if you fool around with it and
> possibly requiring the end user to run authconfig 2) the local/remote
> passwords can get out of sync.

Make that "require the end user NOT to run authconfig". Once you fix the pam
configs and actually get local authentication as fall-back running, you can
never run authconfig again without it undoing all your hard work (though
that's historically true of pam customization in general, but may be
changing since I vaguely recall recent changelogs mentioning changes to 
allow preservation of custom password quality settings).

At any rate, I don't think it's a case of a "perceived deficiency vs. 
Windows." It's a perceived deficiency, period, and it's not how other Unixen 
(Solaris, for example) or even other Linux distros behave....

later,
chris



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux