Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Casper Dik (Casper.DikSun.COM)
Date: Thu Jan 31 2002 - 07:16:24 CST
>Gm... If you are not able to apply a patch for /bin/login, why should you use ssh anyway? :)
Indeed; perhaps not to add to the security problems sshd itself has had?
(It too has had a few remote exploits)
>If SUN would implement all that functionality of /bin/login through PAM
>(like this is done in Linux-PAM, for example, where you have PAM, which
>check /etc/shells, PAM, which check tty for root, PAM , which sets
>limits for a user and so on), that MIGHT be nice (hey! SUN people! is
>it a problem? :) or there are some hidden reasons not to do that? ),
>course this give you some flexibility, over traditional scheme.
There's definitely a good argument for splitting some of the login/ftp
restrictions and other stuff out into PAM modules.
However, all the checks and such are added easy enough to the PAM
modules; setting up the environment might not be (we would need
to look at the usage of PAM modules of the various components that
BTW, "dtlogin" does *not* use /bin/login.