On Tue, 11 May 2004, Havoc Pennington wrote: > So the message I've gotten from others is "Windows solves this problem > and Linux does not" and they were aware of the ability to set up a local > passwd file when complaining. > > I think the question we have to answer is why is there a perceived > deficiency vs. Windows, and can we address that without fundamental > security problems. Appears the perceived deficiency would include 1) we > aren't working out of the box, only if you fool around with it and > possibly requiring the end user to run authconfig 2) the local/remote > passwords can get out of sync. Make that "require the end user NOT to run authconfig". Once you fix the pam configs and actually get local authentication as fall-back running, you can never run authconfig again without it undoing all your hard work (though that's historically true of pam customization in general, but may be changing since I vaguely recall recent changelogs mentioning changes to allow preservation of custom password quality settings). At any rate, I don't think it's a case of a "perceived deficiency vs. Windows." It's a perceived deficiency, period, and it's not how other Unixen (Solaris, for example) or even other Linux distros behave.... later, chris
