[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Preparing 4.1...
|
From: |
Pankaj Garg |
|
Subject: |
Re: Preparing 4.1... |
|
Date: |
Sun, 31 Oct 2004 06:03:41 -0800 |
Yes, I'll put a cautionary note in gnats.texi.
I don't think we can block modules selectively. Anyhow, people
using PAM modules should know what they are doing, and will
be careful of security issues, specially if we warn them.
I'm under the impression that if you use a client and server
on the same machine, then there is no security problem. Is this
correct?
Pankaj
On Oct 29, 2004, at 2:33 PM, Chad C. Walstrom wrote:
I'm going to hold off on the PAM patch for just a while longer.
Pankaj,
do you think it would be possible to add a cautionary note in
gnats.texi
regarding the security problems in exposing the PAM to GNATS
authentictation (i.e. plain-text network protocol sniffing)? For
example, we should suggest that administrators not authenticate system
accounts through GNATS. Rather, give suggestions for using other PAM
modules to authenticate against alternate passwd or db format files.
(Is it possible to blacklist pam modules for use w/gnats?)
--
Pankaj K Garg address@hidden
1684 Nightingale Avenue 408-373-4027
Suite 201 408-733-2737(fax)
Sunnyvale, CA 94087 http://www.zeesource.net
- Preparing 4.1..., Chad C. Walstrom, 2004/10/29
- Re: Preparing 4.1...,
Pankaj Garg <=