From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 11583 invoked from network); 31 Oct 2004 14:03:56 -0000 Received: from unknown (HELO lists.gnu.org) (199.232.76.165) by sourceware.org with SMTP; 31 Oct 2004 14:03:56 -0000 Received: from localhost ([127.0.0.1] helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.33) id 1COGRG-0006DO-52 for listarch-gnats-devel@sources.redhat.com; Sun, 31 Oct 2004 09:12:10 -0500 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.33) id 1COGRB-0006DJ-T5 for help-gnats@gnu.org; Sun, 31 Oct 2004 09:12:05 -0500 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.33) id 1COGRB-0006D7-FC for help-gnats@gnu.org; Sun, 31 Oct 2004 09:12:05 -0500 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.33) id 1COGRB-0006D4-BI for help-gnats@gnu.org; Sun, 31 Oct 2004 09:12:05 -0500 Received: from [207.217.120.149] (helo=asmtp-a063f33.pas.sa.earthlink.net) by monty-python.gnu.org with esmtp (Exim 4.34) id 1COGJB-0006lU-Nb for help-gnats@gnu.org; Sun, 31 Oct 2004 09:03:49 -0500 Received: from [68.164.83.240] (helo=[192.168.1.2]) by asmtp-a063f33.pas.sa.earthlink.net with asmtp (TLSv1:RC4-SHA:128) (Exim 4.34) id 1COGJA-0006Z0-2S; Sun, 31 Oct 2004 06:03:48 -0800 In-Reply-To: <20041029213319.GA14062@wookimus.net> References: <20041029213319.GA14062@wookimus.net> Mime-Version: 1.0 (Apple Message framework v619) Content-Type: text/plain; charset=ISO-8859-1; format=flowed Message-Id: Content-Transfer-Encoding: quoted-printable From: Pankaj Garg Date: Sun, 31 Oct 2004 14:03:00 -0000 To: "Chad C. Walstrom" X-Mailer: Apple Mail (2.619) X-ELNK-Trace: 7705cff7f8fc6ea374bf435c0eb9d478e52fd700cb2c95b81706263dca1e831efc6c55b11df3eed9350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c X-Originating-IP: 68.164.83.240 Cc: help-gnats@gnu.org Subject: Re: Preparing 4.1... X-BeenThere: help-gnats@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: General discussion about GNU GNATS List-Archive: List-Post: List-Help: List-Subscribe: , Sender: help-gnats-bounces+listarch-gnats-devel=sources.redhat.com@gnu.org Errors-To: help-gnats-bounces+listarch-gnats-devel=sources.redhat.com@gnu.org X-SW-Source: 2004-q4/txt/msg00003.txt.bz2 Yes, I'll put a cautionary note in gnats.texi. I don't think we can block modules selectively. Anyhow, people using PAM modules should know what they are doing, and will be careful of security issues, specially if we warn them. I'm under the impression that if you use a client and server on the same machine, then there is no security problem. Is this correct? Pankaj On Oct 29, 2004, at 2:33 PM, Chad C. Walstrom wrote: > I'm going to hold off on the PAM patch for just a while longer.=20=20 > Pankaj, > do you think it would be possible to add a cautionary note in=20 > gnats.texi > regarding the security problems in exposing the PAM to GNATS > authentictation (i.e. plain-text network protocol sniffing)? For > example, we should suggest that administrators not authenticate system > accounts through GNATS. Rather, give suggestions for using other PAM > modules to authenticate against alternate passwd or db format files. > > (Is it possible to blacklist pam modules for use w/gnats?) > -- Pankaj K Garg =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 garg@zeesou= rce.net 1684 Nightingale Avenue =A0 =A0=A0408-373-4027 Suite 201 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 40= 8-733-2737(fax) Sunnyvale, CA 94087 http://www.zeesource.net _______________________________________________ Help-gnats mailing list Help-gnats@gnu.org http://lists.gnu.org/mailman/listinfo/help-gnats