opendoas:
* There are less eyes on random doas ports, just because sudo had a vulnerability
- does not mean random doas ports are more secure if they are not reviewed
- or pam is configured incorrectly.
-* If you want to use pam; You have to [configure pam](#pam-configuration)
- and failing to do so correctly might leave a big open door.
+ does not mean random doas ports are more secure if they are not reviewed.
* Use the configure script.
* Use the default make target.
-* If you really want to install a setuid binary that depends on
- pam being correctly configured, use the make install target
- to install the software.
## About the port
As much as possible I've attempted to stick to `doas` as tedu desired
it. As things stand it's essentially just code lifted from OpenBSD with
-PAM or shadow based authentication glommed on to it.
+shadow based authentication glommed on to it.
Compatibility functions in libopenbsd come from openbsd directly
(`strtonum.c`, `reallocarray.c`, `strlcpy.c`, `strlcat.c`),
from openssh (`readpassphrase.c`) or from sudo (`closefrom.c`).
-The PAM and shadow authentication code does not come from the OpenBSD project.
-
-### pam configuration
-
-I will not ship pam configuration files, they are distribution specific and
-its simply not safe or productive to ship and install those files.
-
-If you want to use opendoas on your system and there is no package that
-ships with a working pam configuration file, then you have to write and
-test it yourself.
-
-A good starting point is probably the distribution maintained `/etc/pam.d/sudo`
-file.
+The shadow authentication code does not come from the OpenBSD project.
### Persist/Timestamp/Timeout
projects / opendoas.git / blobdiff