Re: /etc/default/passwd and SSH

From: Casper *** (Casper.***@Sun.COM)
Date: 01/31/02


To: focus-sun@securityfocus.com
Date: Thu, 31 Jan 2002 14:16:24 +0100
From: Casper *** <Casper.***@Sun.COM>


>Gm... If you are not able to apply a patch for /bin/login, why should you use ssh anyway? :)
>HHOK :)

Indeed; perhaps not to add to the security problems sshd itself has had?
(It too has had a few remote exploits)

(reformatted)

>If SUN would implement all that functionality of /bin/login through PAM
>(like this is done in Linux-PAM, for example, where you have PAM, which
>checks /etc/shells, PAM, which checks tty for root, PAM, which sets
>limits for a user and so on), that MIGHT be nice (hey! SUN people! is
>it a problem? :) or there are some hidden reasons not to do that? ),
>course this gives you some flexibility over traditional scheme.

There's definitely a good argument for splitting some of the login/ftp
restrictions and other stuff out into PAM modules.

However, all the checks and such are added easily enough to the PAM
modules; setting up the environment might not be (we would need
to look at the usage of PAM modules of the various components that
authenticate users).

BTW, "dtlogin" does *not* use /bin/login.

Casper