systematic Kerberization
Chris Ricker
kaboom at gatech.edu
Wed May 12 02:06:09 UTC 2004
On Tue, 11 May 2004, Havoc Pennington wrote:
> So the message I've gotten from others is "Windows solves this problem
> and Linux does not" and they were aware of the ability to set up a local
> passwd file when complaining.
>
> I think the question we have to answer is why is there a perceived
> deficiency vs. Windows, and can we address that without fundamental
> security problems. Appears the perceived deficiency would include 1) we
> aren't working out of the box, only if you fool around with it and
> possibly requiring the end user to run authconfig 2) the local/remote
> passwords can get out of sync.
Make that "require the end user NOT to run authconfig". Once you fix the pam
configs and actually get local authentication as fall-back running, you can
never run authconfig again without it undoing all your hard work (though
that's historically true of pam customization in general, but may be
changing since I vaguely recall recent changelogs mentioning changes to
allow preservation of custom password quality settings).
At any rate, I don't think it's a case of a "perceived deficiency vs.
Windows." It's a perceived deficiency, period, and it's not how other Unixen
(Solaris, for example) or even other Linux distros behave....
later,
chris
More information about the fedora-devel-list
mailing list