PAM

[thenktor]

Pluggable Authentication Modules

Slackware doesn't use PAM, Zenwalk uses PAM. What are the advantages/disadvantages of PAM? Do we want to use it? AFAIK every modern distribution uses it but I have no idea why?

[Sparky]

Using PAM allows you to use things like fingerprint readers and webcam facial recognition as login credentials through a plugin system. That's all I've ever used it for, anyway, perhaps it does other stuff too. It's certainly no big deal if we don't have PAM though, I never used those gimmicky login devices for more than just fun purposes.

[thenktor]

Hmm, I know that there are a lot notebooks with these fingerprint sensors.

[gapan]

It's simpler without pam! And I don't know if you've noticed, but if you have pam, the password prompt after issuing "su" takes a while to show up, but without pam it's instant.

[Shador]

That's why I type in my password plain.

If there a no real arguments for PAM, I don't see why we should add it because my impression was also that it's just complicating things (e.g. autologin you get that lastlogin message).

[.:B:.]

And I don't know if you've noticed, but if you have pam, the password prompt after issuing "su" takes a while to show up, but without pam it's instant.

As I understood it PAM allows for more fine-grained control. I have noticed the slowdown too; I didn't know PAM was responsible for that.

As for fingerprint readers - they're crap and give a false sense of security. You don't need high tech gear to duplicate fingerprints (as the German C't magazine once tested).

[Sparky]

It's simpler without pam! And I don't know if you've noticed, but if you have pam, the password prompt after issuing "su" takes a while to show up, but without pam it's instant.

In that case, I vote a thousand times against including PAM. That little delay doesn't seem like much, but I su a lot, and the delay really gets to me.

[JRD]

Decision taken too quickly.
We must search the benefits of PAM (we already found one), the disavantages (we already found one), and take a dicision uppon this.
What do you think ?

[.:B:.]

I think it certainly merits an in-depth study JRD . Excellent point.

This is what Red Hat lists as its advantages:

* It provides a common authentication scheme that can be used with a wide variety of applications.
* t allows great flexibility and control over authentication for both the system administrator and application developer.
* t allows application developers to develop their program without implementing a particular authentication scheme. Instead, they can focus purely on the details of their program.

[JRD]

Thanks B.
It's a bit blurred (with no example) but it's a start.
I know that xscreeensaver can use it. I personaly recompiled it with pam to have a good authentification mecanism (I have problems without it) and with others option. It's the only example I know.