[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: xlockmore (pam)



   Date: Mon, 9 Sep 1996 15:19:36 -0400 (EDT)
   From: Elliot Lee <sopwith@cuc.edu>

   The problem is defining a std interface to this program that will work
   with a number of different auth methods. What about shadowed MD5 passwords
   when they are kept in a separate file, for example? Or a custom
   authentication database engine which only allows accesses from specific
   users? 

The official interface should be the PAM module.  The PAM module can
define whatever interface it wants to its helper program which will be
setuid.  I don't see any reason why we need to set an interface there;
we can have multiple modules with different helper programs and
different interfaces to that helper program.

That being said, it would probably make sense for whoever codes this up
to make the module support multiple different crypt() systems, much like
how the unix PAM module is very flexible.

But, if we forget some mechanism, or someone wants to come up with a new
wierdo one that requires more information, that's still something they
can do by writing a new PAM module, or modifying an existing one.

						- Ted



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []