[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: GDBM/DB password file support



On Thu, 10 Oct 1996, Aleph One wrote:

> authentication? Even NIS and shadow are questionable. All this different
> systems should be merged into one. PAM. Yes the there is a lot of code
> sahred between the unix, shadow, nis, and radious modules. But dont make a
> single module that selects on the fly what method to use! Write a library
> so share the code, and compile the modules separetly. If I want NIS I'll
> add the pam_nis module to pam.conf. Thanks.

The problem there is making a pam_nis module. libc & NYS make using NIS
easy, but I think that is pretty complicated to integrate just that stuff
into a separate program. Using ypbind is not desirable on many systems.

Ideally we *should* have a pam_nis module, but how far do we take it? Do
we tell pam_unix_auth to use fgetpwnam() to only read /etc/passwd, and
then have pam_nis_auth read only the NIS database? Why do that when
getpwnam() gets information from NIS very nicely, and also allows usage of
libc's superior (?) integration between /etc files, NIS/NIS+, and
sometimes DNS.

It would be nice to have a pam_nis_passwd module, though, since password
changing only works for local users right now (even though NIS users can
still login).

Basically, since libc is doing NIS functionality already for things other
than authentication, why not let it get the auth info for PAM as well?
Perhaps what needs to be done is find a way to use the low-level NYS stuff
from libc in an application or PAM module.

Or we could look at the glibc functionality and use that idea...?

My opinion,
-- Elliot

"Have you ever had a microchip implanted in your skull so the government
can keep track of your every move? You will! And the company that will
bring it to you is AT&T"





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []