Received: from juniper.net (garnet.juniper.net [172.17.28.17]) by merlot.juniper.net (8.11.3/8.11.3) with ESMTP id i5L7P1J06210; Mon, 21 Jun 2004 00:25:01 -0700 (PDT) (envelope-from mdb@juniper.net)
To: help-gnats@gnu.org
In-reply-to: Mail from Chad Walstrom dated Sun, 20 Jun 2004 12:58:49 CDT <20040620175849.GC13514@wookimus.net>
From: "Mark D. Baushke"
Subject: Re: PAM Authentication Patch
List-Id: General discussion about GNU GNATS

Chad Walstrom writes:

> Chad Walstrom wrote:
> > We should make it abundantly clear in the
> > documentation that use of PAM authentication
> > should be thoroughly protected. If such
> > measures cannot be taken, don't enable PAM.
>
> Additionally, we can't always assume that
> because something uses PAM, it'll authenticate
> against system accounts. There are dbm modules,
> ldap modules, etc. that can be used for account
> management.

While I do understand that it is *possible* to enable PAM and not endanger other applications or systems, I also understand that very few people or organizations will consider keeping such things separate in such a safe configuration unless the documentation clearly states that there are security implications to be considered.

Yes, I am being paranoid. Right now it seems fairly clear that gnatsd authentication is not very strongly protected. Folks are more likely to believe something is 'secure' if it can talk to PAM even though there may be explicit basis for that belief.

-- Mark