
Re: GDBM/DB password file support



On Thu, 10 Oct 1996, Aleph One wrote:

> I see. I would extend PAM and do things the right way but I know you
> value sticking to the standard. If an application needs to know where the
> home directory of a user is then that is part of the authentication
> process. So what happens when say we want hesiod authentication? Do we
> make a PAM module? Do we add it to libpwdb and add yet another
> protocol to pam_unix? Do we do both?

That depends. I don't know about hesiod, but I take the example of
RADIUS. With RADIUS you can authenticate the user. So it is possible to
use RADIUS for authentication only and the standard unix databases
(/etc/passwd or /etc/shadow) to handle the user home dir, etc. This means
we had to put a RADIUS module into libpwdb. However, a RADIUS server can
also return to you a login-service value, and other optional values for
that login service type (such as the host to log in, or MTU, access-list,
session-time, frame protocol (PPP/SLIP), etc.). The libpwdb radius module
supports and returns to the application all these values. However, to
actually make use of them, an application written for PAM will need at
least a, say, pam_radius session module to handle this data.

So the answer is: depends. You can enhance pwdb only, but to actually
make use of the extensions a new database supports, it is likely that
you will need another module to actually use that data (at least for the
session type). Regarding pam_unix, for making another scheme to work
for authentication, you will need to add very few lines of code to
pam_unix.

		Cristian Gafton
--
--------------------------------------------------------------------
Cristian Gafton                                    gafton@sorosis.ro
Computers & Communications Center              Network Administrator
35 Moara de Foc St., Iasi 6600, ROMANIA           Tel: +40-32-252938
http://www.cccis.ro                               Fax: +40-32-252933
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
UNIX is user friendly. It's just selective about who its friends are.


