[arch-general] pam settings INSECURE

Caleb Cushing xenoterracide at gmail.com
Wed Nov 18 03:49:14 EST 2009


>
> Minimal modification of packages. Allow users to choose for themselves
> instead of doing work for them. I fail to see the security implications
> here for the common user, why would someone want to lock out a user
> without deleting the account except a system admin, who presumably would
> know what to do and would not need a 'simple one-step process'.

maybe, but it all depends should the admin have to do a full system
security audit? after making these changes I shouldn't have any
problems with kdm, the system is more secure and there are no
disadvantages that I can see. I just can't understand why I had to go
through all of this to start, sure I could make my system even MORE
secure but it's just unnecessary. also one implication in the modified
file I sent is currently failed logins (w/ kdm) don't get logged...
but I don't suppose that the average user reads their failed user
authentication logs, or cares that say a roommate has been trying to
crack their account by hand (because they aren't smart enough to know
how to mount a system drive with a livecd (yes I've had this happen
this is why we hash passwords and make them in the first place not all
users are as smart as us)).

> I'd
> wager most Arch users simply have 1 account they use all the time, and
> perhaps a guest account for others to use.

perhaps so... but as I've said this doesn't negatively impact them.
the size is negligible and the benefits are helping people who are
ignorant of weak pam settings and may not have checked that an account
they thought was disabled actually was. I'm just happy I checked.

> This isn't a security hole, and it isn't the responsibility of Arch devs
> to make decisions for the users except in extreme cases.
>
how is this making decisions for users? arch makes decisions for users
all the time. I'd guess that arch has done SOME setup of pam. It's a
distribution's job to make relatively sane and secure defaults. a
distribution shouldn't do insane security, like require usb key auth
(unless that kind of security is distro focus). but if there's no
serious performance impact, and no visible user impact, then why
should a distro implement a secure as possible by default setup?
-- 
Caleb Cushing

http://xenoterracide.blogspot.com

