diff options
Diffstat (limited to 'debian/README.debian')
-rw-r--r-- | debian/README.debian | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/debian/README.debian b/debian/README.debian new file mode 100644 index 00000000..276cc55e --- /dev/null +++ b/debian/README.debian @@ -0,0 +1,36 @@ +PAM for DEBIAN +-------------- + +PAM (Pluggable Authentication Modules) provides system administrators with a +powerful method of controlling system access and methods of authentication. + +The documentation for PAM is packaged in the "libpam-doc" package. The +"Linux-PAM System Administrator's Guide" covers configuring PAM, what +modules are available etc. The documentation also includes "The Linux-PAM +Application Developers' Guide" and "The Linux-PAM Module Writers' Guide". + +The Debian default configuration is to emulate the old UNIX authentication. + +The Debian PAM packages live at svn://svn.debian.org/pkg-pam/. The +current version is in the trunk directory; previous versions live in +the tags directory. + +Changes Since Debian 3.0 +------------------------ + +The pam_securetty module used to prompt for a password when it was +going to fail access. This Debian-specific patch defeats one of the +key uses of this module: to deny access to privileged accounts soon +enough in the PAM stack that the password is never requested and is +not compromised over insecure network links. If you want to ask for +the password use required not requisite in your PAM config. + +Previously, pam_rhosts allowed the .rhosts file to be a symlink. This +was a debian specific change that has been dropped because it is not +the upstream behavior nor is it the documented behavior of ruserok(3). + +Similarly, pam_listfile used to allow the user file to be a symlink. +This is no longer allowed because upstream seems to be against the +change. Please see discussion started by Sam Hartman on +pam-list@redhat.com during the May 2002 time frame. + |