
Re: GDBM/DB password file support



On Thu, 10 Oct 1996, Aleph One wrote:

> Thanks that was very informative. Hmm what happens if you have the radius
> module listed in pam.conf but not in pwdb.conf?

I think this is not an issue - pam_radius module calls pwdb functions 
directly, with PWDB_RADIUS as only datasource, so again, /etc/pwdb.conf 
will not be used. In fact, there are very few cases where /etc/pwdb.conf 
will be used. Because there is no point to configure a RADIUS specific 
module to look after shadow/nis entries...

> Ideal thing would be to
> have authentication data (passwords) in separate databases than session
> information data (home directory, shell, ip address, etc) and that each
> database be able to return its schema.

This is why I say that all authentication related things should and now 
can go into pam_unix. Because it is very simple to add it using pwdb. 
Again the example of RADIUS - one can do user authentication with RADIUS, 
because authentication part of the RADIUS is in pam_unix... Frankly, 
pam_unix authentication part will be better called pam_auth :-)

> So an application could authenticate
> the user in the PAM auth module and set its environment in the session
> modules.

This is how things are done now.

> Something like pam_get_field() where the session module can pass
> it what field it wants. So for a shell server the session module can do
> pam_get_field("homedir") and a terminal server can do
> pam_get_field("ipaddress").

This is possible with pwdb functions already.

		Cristian Gafton
--
--------------------------------------------------------------------
Cristian Gafton                                    gafton@sorosis.ro
Computers & Communications Center              Network Administrator
35 Moara de Foc St., Iasi 6600, ROMANIA           Tel: +40-32-252938
http://www.cccis.ro                               Fax: +40-32-252933
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
UNIX is user friendly. It's just selective about who its friends are.


