From: Casper Dik (Casper.DikSun.COM)
Date: Thu Jan 31 2002 - 07:16:24 CST

    >Gm... If you are not able to apply a patch for /bin/login, why should you use ssh anyway? :)
    >HHOK :)

    Indeed; perhaps not to add to the security problems sshd itself has had?
    (It too has had a few remote exploits)

    (reformatted)

    >If SUN would implement all that functionality of /bin/login through PAM
    >(like this is done in Linux-PAM, for example, where you have PAM, which
    >check /etc/shells, PAM, which check tty for root, PAM, which sets
    >limits for a user and so on), that MIGHT be nice (hey! SUN people! is
    >it a problem? :) or there are some hidden reasons not to do that? ),
    >course this give you some flexibility, over traditional scheme.

    There's definitely a good argument for splitting some of the login/ftp
    restrictions and other stuff out into PAM modules.

    However, all the checks and such are added easily enough to the PAM
    modules; setting up the environment might not be (we would need
    to look at the usage of PAM modules of the various components that
    authenticate users)

    BTW, "dtlogin" does *not* use /bin/login.

    Casper