[nycbug-talk] Change password at next login?
okan at demirmen.com
Tue Apr 29 14:49:48 EDT 2008
On Tue 2008.04.29 at 14:38 -0400, Miles Nordin wrote:
> PAM isn't cool. It's also full of bugs, and its behavior can be
> reliably known only by observation which is exactly the type of
> quirkyness what you *DO NOT* want from a subsystem meant to be
> checking passwords! no, you don't have to write n * m bits of special
> code, but everyone has m broken applications, and n * m things to test
> looking for surprise security problems. and, as you found, debuggers
> don't work well any more, source code is hard to find, and the
> internal behavior of modules is not documented, only rather optimistic
> fantasies of how to configure the module are sometimes partially
> documented. PAM's an embarassment.
to others: while this may seem like a crazy rant, miles is right (and
More information about the talk