[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: thinking about pam

Andrew G. Morgan:
> Currently, the modules (libpam itself is not concerned by this sort of
> question) and PAM aware applications that work with .52 do everything
> through libc.  This is set to change in .53. Cristian Gafton and I have
> been developing a new library "libpwdb" which will provide an alternative
> but hopefully more flexible user database management.
> Currently there is work in progress to have unix, shadow, NIS, RADIUS,
> TACACS support in this library. It is still some weeks away though.
> Following the completion of this library, we will provide some modules that
> use this library. It is our hope that everyone will want to use it too(!) We
> feel it offers flexibility that PAM aware applications will welcome.

It is a little difficult for me to tell anything about libpwdb (since
I haven't seen any code yet) - but I'm just wondering: isn't this the
same thing as the Name Service Switch in glibc?  Since it will be the
standard Linux libc in the future (it already is for the Alpha...),
it looks a bit like duplication of effort to me.  With glibc, you can
write your own dynamically loaded (much like PAM) modules to provide
user information from various sources, and all this is configured
nicely via /etc/nsswitch.conf, the same way it is done on Solaris 2.x.
Existing programs don't need to be changed at all, they just use
getpwnam(), getspnam(), ... as usual.  (Actually, you can also use the
thread-safe *_r() functions to avoid problems with overwriting static
return values by PAM modules.)

Is there any documentation about libpwdb available?  Is it based on
some existing standard API or something completely new?  Those who
know me know that I prefer things based on existing standards :-).


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []