[nycbug-talk] Change password at next login?

Okan Demirmen okan at demirmen.com
Tue Apr 29 14:49:48 EDT 2008


On Tue 2008.04.29 at 14:38 -0400, Miles Nordin wrote:
> PAM isn't cool.  It's also full of bugs, and its behavior can be
> reliably known only by observation which is exactly the type of
> quirkyness what you *DO NOT* want from a subsystem meant to be
> checking passwords!  no, you don't have to write n * m bits of special
> code, but everyone has m broken applications, and n * m things to test
> looking for surprise security problems.  and, as you found, debuggers
> don't work well any more, source code is hard to find, and the
> internal behavior of modules is not documented, only rather optimistic
> fantasies of how to configure the module are sometimes partially
> documented.  PAM's an embarassment.

to others: while this may seem like a crazy rant, miles is right (and
entertaining).



More information about the talk mailing list