public inbox for gnats-devel@sourceware.org
From: "Mark D. Baushke" <mdb@juniper.net>
To: gargp@acm.org
Cc: help-gnats@gnu.org
Subject: Re: PAM Authentication Patch
Date: Sun, 20 Jun 2004 17:59:00 -0000
Message-ID: <93229.1087751132@juniper.net>
In-Reply-To: Mail from Pankaj K Garg <gargp@earthlink.net>  dated Sun, 20 Jun 2004 09:42:34 PDT <40D5BE7A.2080503@earthlink.net>

Pankaj K Garg <gargp@earthlink.net> writes:

> I'm attaching a patch for enabling PAM
> authentication support.
> 
> To keep the patch file small, I've not included
> the diffs to the files 'configure' and
> 'gnats/configure'. Use autoconf to generate
> these two files. If you need the generated
> files, let me know and I'll create another
> patch.
> 
> PAM support can now be enabled by using
> '--enable-pam' switch to configure.
> 
> With PAM support enabled, you can put an entry
> in the gnatsd.user_access file as:
> 
>    <user>:$p$:<access-level>
> 
> and the authentication for the user will be done
> against the configured PAM modules.
> 
> The name of the PAM service is taken from the
> DEFAULT_GNATS_SERVICE define, so by default it
> should be 'support'. Hence, you can configure
> PAM by creating the file /etc/pam.d/support on
> RH Linux.
> 
> I've tried to make appropriate changes to the
> documentation. Let me know if any other document
> requires update.
> 
> I've done some preliminary testing on my RH 9.0
> Linux. Please let me know if there's any problem
> with it.
> 
> Pankaj

The biggest problem I have with PAM support for
gnatsd is that you will now be sending a
credential across the network in the clear which
is presumably able to be used as a credential
outside of gnats. This could lead to a simple
password replay attack to gain access to systems
by unauthorized individuals or their agents.

I strongly urge you to first include and enable
SSL (or TLS) support in gnatsd before you allow
PAM to be used to authorize connections.

	-- Mark

> Chad C. Walstrom wrote:
> > Pankaj K Garg wrote:
> >
> >>Is anyone signed up for adding PAM
> >>authentication support yet? If not, I can sign
> >>up for it.

> > No, no one has signed up for this yet. I
> > placed your name in the TODO
> > list and updated it in CVS. I don't plan on
> > making ChangeLog entries for these files
> > (.todo and TODO), though I will note the
> > changes made in the cvs log entry. Welcome
> > aboard! I look forward to getting your
> > patches!
> 
> -- 
> Pankaj K Garg                         garg@zeesource.net
> 1684 Nightingale Avenue               408-373-4027
> Suite 201                             408-733-2737(fax)
> Sunnyvale, CA 94087
> 
> http://www.zeesource.net              http://home.earthlink.net/~gargp
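
Added example, not part of the original message or of the GNATS patch: a small audit of a gnatsd.user_access file that reports each `$p$` (PAM) entry whose system credential would cross the network in the clear, which is the concern raised in the reply above. The sample file contents, the `#` comment convention and the `transport_encrypted` flag are assumptions made for illustration.

```python
"""Audit a gnatsd.user_access file for PAM-backed ($p$) entries."""

PAM_MARKER = "$p$"  # password-field value given in the patch description

# Constructed sample; user names, access levels and the non-PAM
# password field are made up for this example.
SAMPLE = """\
# constructed sample, not from a real installation
alice:$p$:edit
bob:placeholder-hash:view
carol:$p$:admin
broken-line-without-fields
"""

def parse_user_access(text):
    """Return (entries, malformed) for '<user>:<password>:<access-level>' lines."""
    entries, malformed = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption: '#' starts a comment
            continue
        fields = line.split(":")
        if len(fields) < 3 or not fields[0]:
            malformed.append((lineno, raw))
            continue
        entries.append({"line": lineno, "user": fields[0],
                        "password": fields[1], "level": fields[2]})
    return entries, malformed

def pam_users(entries):
    """Entries whose password field delegates authentication to PAM."""
    return [e for e in entries if e["password"] == PAM_MARKER]

def audit(text, transport_encrypted):
    """List malformed lines, plus PAM users exposed when the transport is cleartext."""
    entries, malformed = parse_user_access(text)
    findings = [f"line {n}: malformed entry skipped" for n, _ in malformed]
    if not transport_encrypted:
        findings += [
            f"line {e['line']}: {e['user']} ({e['level']}) uses PAM over cleartext"
            for e in pam_users(entries)
        ]
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, transport_encrypted=False):
        print(finding)
```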

