[GLLUG] proftd and PAM

Matt Graham danceswithcrows@usa.net
Mon, 29 Jul 2002 09:33:43 -0400

On Monday 29 July 2002 08:53, after a long battle with technology, Ex 
Fed wrote:
> From what I understand, given the contents of /etc/passwords, it is
> possible for an individual to use this information, along with crypt
> and a dictionary or a brute force attempt to figure out what are your
> passwords.

Right, except "/etc/passwords" doesn't exist, and /etc/passwd doesn't 
contain any password information in any Unix installation with a lick 
of sense, and this brute force attack gets quite difficult if the users 
are smart and they can use passwords > 8 characters (as is possible 
with md5 passwords.)  The user's encrypted password is stored in 
/etc/shadow these days.

> Does PAM provide us with greater security (does it still use
> /etc/passwords or shadow passwords, and is it easy to configure with
> most software that supports it?

PAM can do a fair number of things.  "man pam.conf" for info, though the 
page is a bit dry/technical/complex.

Remember that no authentication system in the world will protect your 
users if they insist on writing their passwords down on Post-It notes 
and sticking those notes to their monitors, or making the passwords the 
same as their usernames.

   People don't tend to get paid.
   --MegaHAL, trained on Netizen's quotes file
There is no Darkness in Eternity/But only Light too dim for us to see