
Re: Patch not yet perfect (but it's close...)



michael smith wrote:
> Forgive me for coming in at an angle, but as I am currently engaged in
> porting the PAM code, libpwd is of considerable interest to me.
>
> Most particularly, how do you rationalise using a separate, incompatible
> layer underneath PAM for interacting with separate authentication/admin
> sources?  Isn't this what PAM is supposed to be all about?

Not clear what you mean by incompatible...

If anything libpwdb is intended to be a "better" replacement for the
getpw/gr...() calls in libc.  None of which are either incompatible with
PAM, or "perform" the process of authentication.

> If your point is that PAM is meant only for ingress/egress control, I
> would argue that it's not being used sufficiently wisely, and could
> perhaps stand a little stretching; I could see PAM being used for
> much of what libpwd currently appears to do, and the duplication of
> functionality seems pointless.

The duplication is really with things in libc. libpwdb is there for
accessing/updating any user<->credential database on the system (or off it). 
Libc currently forces a given system to have a preferred place to store all
the user accounts.  How, for example, using libc, can you move an individual
user from NIS to a local shadowed account without getting your hands dirty
with file manipulation?

The point of libpwdb is to make this (and more complicated things) possible
with a single API.  (The more complicated things might be having passwords
on a radius server and yet account information in your /etc/passwd file. 
The way libpwdb was designed, you can stack any number of databases in this
way.) Libpwdb also makes it easy to associate custom information with a
user's account: something that is not possible with the libc-mandated passwd
structure.

Hope that helped.

Andrew
-- 
               Linux-PAM, libpwdb, Orange-Linux and Linux-GSS
                  http://parc.power.net/morgan/index.html
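
Added illustration of the database stacking described in the message above; it is not part of the original post and is not libpwdb's actual API. All type, function and field names and the sample sources are hypothetical and constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model, NOT libpwdb's real API: an entry is a bag of named fields. */
#define MAX_FIELDS 8
struct field { const char *name, *value; };
struct entry { struct field f[MAX_FIELDS]; int n; };
typedef int (*source_fn)(const char *user, struct entry *e); /* 0 = user known */

const char *entry_get(const struct entry *e, const char *name) {
    for (int i = 0; i < e->n; i++)
        if (strcmp(e->f[i].name, name) == 0) return e->f[i].value;
    return NULL;
}

/* The first source to supply a field wins; later sources only fill gaps. */
static void entry_set(struct entry *e, const char *name, const char *value) {
    if (entry_get(e, name) == NULL && e->n < MAX_FIELDS)
        e->f[e->n++] = (struct field){ name, value };
}

/* Constructed sample sources standing in for a RADIUS server and /etc/passwd. */
static int src_radius(const char *user, struct entry *e) {
    if (strcmp(user, "alice") != 0) return -1;
    entry_set(e, "pass", "held-by-radius");   /* constructed placeholder */
    return 0;
}
static int src_passwd_file(const char *user, struct entry *e) {
    if (strcmp(user, "alice") != 0) return -1;
    entry_set(e, "pass", "x");        /* ignored: radius is higher in the stack */
    entry_set(e, "uid", "1001");
    entry_set(e, "quota_mb", "500");  /* custom field, no slot in struct passwd */
    return 0;
}

/* Walk the stack in priority order and merge what each source knows. */
int stacked_lookup(const char *user, struct entry *e) {
    static const source_fn stack[] = { src_radius, src_passwd_file };
    int found = 0;
    e->n = 0;
    for (size_t i = 0; i < sizeof stack / sizeof stack[0]; i++)
        if (stack[i](user, e) == 0) found = 1;
    return found ? 0 : -1;
}

int main(void) {
    struct entry e;
    if (stacked_lookup("alice", &e) == 0)
        for (int i = 0; i < e.n; i++) printf("%s=%s\n", e.f[i].name, e.f[i].value);
    return 0;
}
```

In this model the stack order decides which source is authoritative for a field, so the ordering is itself security-relevant configuration.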


