
Re: GDBM/DB password file support



On Thu, 10 Oct 1996, Cristian Gafton wrote:

> That depends. I don't know about hesiod, but I take the example of 
> RADIUS. With RADIUS you can authenticate the user. So it is possible to 
> use RADIUS for authentication only and the standard unix databases 
> (/etc/passwd or /etc/shadow) to handle the user home dir, etc. This means 
> we had to put a RADIUS module into libpwdb. However, RADIUS server can 
> return to you also a login-service value, and other optional values for 
> that login service type (such as the host to log in, or MTU, access-list, 
> session-time, frame protocol (PPP/SLIP), etc.). libpwdb radius module 
> supports and returns to the application all these values. However, to 
> actually make use of them, an application written for PAM will need at 
> least a, say, pam_radius session module to handle this data.
> 
> So the answer is: depends. You can enhance pwdb only, but to actually 
> make use of the extensions a new database supports, it is likely that 
> you will need another module to actually use that data (at least for the 
> session type). Regarding pam_unix, for making another scheme to work 
> for authentication, you will need to add very few lines of code to 
> pam_unix.

Thanks, that was very informative. Hmm, what happens if you have the radius
module listed in pam.conf but not in pwdb.conf? Ideal thing would be to
have authentication data (passwords) in separate databases than session
information data (home directory, shell, ip address, etc) and that each
database be able to return its schema. So an application could authenticate
the user in the PAM auth module and set its environment in the session
modules. Something like pam_get_field() where the session module can pass
it what field it wants. So for a shell server the session module can do
pam_get_field("homedir") and a terminal server can do
pam_get_field("ipaddress").

> 		Cristian Gafton
> --
> --------------------------------------------------------------------
> Cristian Gafton                                    gafton@sorosis.ro
> Computers & Communications Center              Network Administrator
> 35 Moara de Foc St., Iasi 6600, ROMANIA           Tel: +40-32-252938
> http://www.cccis.ro                               Fax: +40-32-252933
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> UNIX is user friendly. It's just selective about who its friends are.

Aleph One / aleph1@dfw.net
http://underground.org/
KeyID 1024/948FD6B5 
Fingerprint EE C9 E8 AA CB AF 09 61  8C 39 EA 47 A8 6A B8 01 
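
A toy model of the split proposed in the message above, added here as an example and not part of the original post or of any PAM/pwdb code: credentials sit in one store, session attributes in another, and the session-side lookup can only reach the second. `pam_get_field()` is the poster's proposed name and is not a Linux-PAM function; the extra `user` argument, the `demo_*` helpers and all records are assumptions made for illustration.

```c
/* Toy model of the proposed auth/session split. pam_get_field() is the
 * poster's proposed name, not a Linux-PAM function; records are constructed. */
#include <stddef.h>
#include <string.h>

struct field  { const char *name, *value; };
struct record { const char *user; const struct field *fields; size_t n; };

/* Authentication store: secrets only. */
static const struct field alice_auth[] = { { "password", "demo-secret" } };
static const struct record auth_db[] = { { "alice", alice_auth, 1 } };

/* Session store: non-secret attributes only. */
static const struct field alice_sess[] = {
    { "homedir", "/home/alice" }, { "shell", "/bin/sh" },
    { "ipaddress", "192.0.2.10" },
};
static const struct record session_db[] = { { "alice", alice_sess, 3 } };

static const char *lookup(const struct record *db, size_t n,
                          const char *user, const char *name)
{
    for (size_t i = 0; i < n; i++) {
        if (strcmp(db[i].user, user) != 0) continue;
        for (size_t j = 0; j < db[i].n; j++)
            if (strcmp(db[i].fields[j].name, name) == 0)
                return db[i].fields[j].value;
    }
    return NULL; /* unknown user, or field not in this store's schema */
}

/* Auth module side: the only code path that reads auth_db.
 * strcmp on a plaintext value stands in for a real password-hash check. */
int demo_authenticate(const char *user, const char *password)
{
    const char *stored = lookup(auth_db, 1, user, "password");
    return stored != NULL && strcmp(stored, password) == 0;
}

/* Session module side: reads session_db only, so it cannot return secrets. */
const char *pam_get_field(const char *user, const char *name)
{
    return lookup(session_db, 1, user, name);
}

/* Schema query: copies up to max field names, returns the total count. */
size_t demo_session_schema(const char **names, size_t max)
{
    size_t n = sizeof alice_sess / sizeof alice_sess[0];
    for (size_t i = 0; i < n && i < max; i++) names[i] = alice_sess[i].name;
    return n;
}
```

A shell server's session module would ask for "homedir" and a terminal server's for "ipaddress"; a request for "password" through the session path returns NULL because that field is not in the session store's schema.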


