[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Preparing 4.1...

From: Pankaj Garg
Subject: Re: Preparing 4.1...
Date: Sun, 31 Oct 2004 06:03:41 -0800

Yes, I'll put a cautionary note in gnats.texi.

I don't think we can block modules selectively. Anyhow, people
using PAM modules should know what they are doing, and will
be careful of security issues, specially if we warn them.

I'm under the impression that if you use a client and server
on the same machine, then there is no security problem. Is this


On Oct 29, 2004, at 2:33 PM, Chad C. Walstrom wrote:

I'm going to hold off on the PAM patch for just a while longer. Pankaj, do you think it would be possible to add a cautionary note in gnats.texi
regarding the security problems in exposing the PAM to GNATS
authentictation (i.e. plain-text network protocol sniffing)?  For
example, we should suggest that administrators not authenticate system
accounts through GNATS.  Rather, give suggestions for using other PAM
modules to authenticate against alternate passwd or db format files.

(Is it possible to blacklist pam modules for use w/gnats?)

 Pankaj K Garg                         address@hidden
 1684 Nightingale Avenue     408-373-4027
 Suite 201                                  408-733-2737(fax)
 Sunnyvale, CA 94087  

reply via email to

[Prev in Thread] Current Thread [Next in Thread]