On Wed, May 31, 2006 at 08:52:50PM +0200, Daniel Mueller wrote:
Besides of the fact that you will get the possibility to join a corporate network with centralized password management, imagine the following scenario:
You've got a brand-new laptop. Your new laptop has the disadvantage of being a popular object of desire for pilferers. The harddisk contains most likely private data (e.g. nude pics of your girlfriend). It's a good idea to encrypt those private files. I hear you saying "Bah, no problem, I don't need PAM for this". Okay; you would probably create some container files in your home directory and mount them if needed. Now let's imagine the thief is a smart one and he's looking for tracks in your home directory (.bash_history, .kde/*, .gnome/*, thumbails/* ..). With PAM (pam_mount) it's possible to mount encrypted filesystems during the logon session. That means you could encrypt your whole home directory and mount it automaticlly during login. After you've logged out, PAM will unmount it for you.
Of course, you could do the same in some different ways (Many roads lead to Rome).. It was just an example of PAM's numerous capabilities. At the moment I'm enjoying little goodies like xauth forwarding when using su(1). (You may know this message: Xlib: connection to ":0.0" refused by server)
Daniel, thank you for detailed explanation. That is impressive. Though I do not plan to use these features myself in near future. Anyway, there is the way to make happy both sides, those who like PAM and those who don't. It is... Subversion! Yeah, really. Why not make svn as default ports driver? Everybody can make their changes as they like. There may be some user contributed make-crux-PAMless.patch for every release. Changes do not disappear when you are updating ports. I use svn driver a long time, without any problems. And I have upgraded crux-2.1 to crux-2.2 using `svn diff core/ > ~/core.diff' and `svn diff opt/ > ~/opt.diff'. That was piece of cake, and I get back configure flags that *I* like, just by patching core and opt. Though, if svn driver will be default, then `ports -u' action must also check for conflicts and warn about them (that is easy to implement using `svn status | grep'). IMHO, that resolves all contests about default configure flags, without any harm. Good luck, -- Anton (irc: bd2) p.s. Please, announce here when you are planning to discuss ideas about pkgtools rewrite, attributes, e.t.c. I have some thoughts about it. (Shortly: I do not like idea of attributes in /var/lib/pkg/db, but I do like idea[1] that Oleksiy Khilkevich proposed, i.e. put whole Pkgfile and related files into binary package. Simple, without complexity. Everybody happy.) Just my 2 cents. [1] http://lists.crux.nu/pipermail/crux-devel/2006-April/001672.html