
Re: GDBM/DB password file support



On Thu, 10 Oct 1996, Cristian Gafton wrote:

> No, they are not. I agree with RADIUS, but I tend to say that NIS and 
> shadow are more 'natural'. IMHO it is better to have a more complex 
> module (and now with libpwdb there is a simple matter of calling 
> pwdb_locate for different datasources), than to _duplicate_ pam-unix into 
> a pam_nis, pam_shadow, etc. Just think about the maintainability of this 
> kind of setup - you change/correct something in pam_unix, then go for the 
> same thing in pam_nis, pam_shadow, etc. Without libpwdb, pam_unix looks 
> ugly, I agree, because it has to know about a lot of things. Now we have 
> taken the datasources related code into libpwdb and pam_unix got _so_ 
> clean. Now you write something like:
> 
> 	if (on(SHADOW_ARG))
> 		pwdb_locate(PWDB_SHADOW,...);
> 	if (on(NIS_ARG))
> 		pwdb_locate(PWDB_NIS,....);
> 
> The code looks nice and clean :-) [Note: actually the calls to 
> pwdb_locate have a slightly different form, but you get the idea]

That's why you still have a library to share common code. But you have
separate libraries NIS, shadow, etc... No need to have a configuration
file to tell it how to act at run time. Each module only contains its
specific code and the shared functions.

> No, it selects what _you_ are telling it to select. That's why you have 
> arguments to modules in /etc/pam.conf. We have tried to make libpwdb a 
> little more generic than for the sole use within the PAM project - that's why 
> the /etc/pwdb.conf file showed up. But in fact within the PAM project it is possible 
> to ignore the /etc/pwdb.conf file and tell the library functions directly 
> what datasources to use. But to get this level of flexibility, other 
> applications should use libpwdb outside PAM (ie login). And hence the 
> need for _optional_ /etc/pwdb.conf. Once again, if the application knows 
> what it is doing, it may supply directly the datasource types to the 
> libpwdb functions. If the application is meant to be generic, it will call 
> libpwdb functions with default datasource type and the pwdb library will 
> look into /etc/pwdb.conf, thus the application can be customized through 
> /etc/pwdb.conf settings. Is that clear enough ? :-)

Yup. But... why would an application needing to do auth need to use
anything but PAM?

> ... If you want NIS you will add 'nis' arg to pam_unix module. Thanks. :-)

8-) Lucky me, I don't touch NIS with a 10 foot pole.

> With best regards,

Cheers.

> 		Cristian Gafton
> --
> --------------------------------------------------------------------
> Cristian Gafton                                    gafton@sorosis.ro
> Computers & Communications Center              Network Administrator
> 35 Moara de Foc St., Iasi 6600, ROMANIA           Tel: +40-32-252938
> http://www.cccis.ro                               Fax: +40-32-252933
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> UNIX is user friendly. It's just selective about who its friends are.
> 
> --
> To unsubscribe: mail -s unsubscribe pam-list-request@redhat.com < /dev/null
> 

Aleph One / aleph1@dfw.net
http://underground.org/
KeyID 1024/948FD6B5 
Fingerprint EE C9 E8 AA CB AF 09 61  8C 39 EA 47 A8 6A B8 01 



