[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: PAM, When?



Jim Dennis wrote:

> > Perhaps I should really turn the question around.  Perhaps people
> > on the list have strong opinions/code they want to contribute?
> > What should be in 1.0?
>
> >   1. specifically, what do you feel is weak about PAM?
>
>         How do I find, install and configure pam_opie, pam_kerb4
>         pam_krb5, etc, etc. etc?
>
>         What is the relationship between pwdb and pam.
>
>         How to I enable shadow, md5, sha-1 etc?

I've been on this list a long time, and would still have to work pretty hard
to figure all these out and deploy them.  I agree that the documentation,
packaging and ease-of-use are pretty awful at this point.  We need a good PAM
administrator's guide.  A guide to How-Solve-Problems-With-PAM for
admins-with-too-much-to-do.  That's what people want to do with PAM.  They
want to solve problems with it.  And, they don't have much time to do it in
either.

I think that making what we (or I should say you) have available useful would
be the best and most effective use of resources that I could think of.  And
yes, part of that is really marketing.  Changing the version number *would*
help.  Because those short of time *know* that version 1.0 isn't really stable
anyway.  Lord help us if we have to use version 0.65.  PAM doesn't match these
expectations because it's really much better than Conventional Wisdom says it
should be.  But, none of us are going to change what people in general expect.

I hadn't really thought about the implications of the version # before, but I
agree: 1.0 should be when it reliably implements 100% of the RFC.  Linux PAM
has reached that.  Now it's time to figure out what to do with it.  It does
what it does pretty well.  It's a Pretty Great Thing.

What it doesn't do is a question for another day.

I hear (at least) two needs that haven't been addressed:

    1)    PAM packaging - someone needs to gather all the pretty pieces up and

            make something useful and coherent of it.  Understand (and
resolve?)
            license conflicts, integrate changes in an ongoing basis, test
them,
            etc.

    2)    PAM admin guide

What has happened so far is excellent.  These next two items are horses of a
different color.  Different skills and temperaments may be required to make
them happen.  Of course, it could be some of the same folks, but it needn't
be.  It's a lot like Linux itself.  Linus did a great job creating the kernel,
but others took up the documentation and packaging, with great results.

What exists now with #1 and #2 above would make an awesome Release 1.0.

        -- Alan Robertson
           alanr@bell-labs.com



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []