[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: group information?

   Date: Wed, 19 Feb 1997 21:25:44 +0100 (MET)
   From: Ingo Luetkebohle <ingo@blank.pages.de>

   Well, but the credentials (like group info) are usually stored alongside
   with the authentication info (like passwords). Hence, if you strive to
   provide a transparent means of authentication, you have to complete the
   picture and provide a transparent means of accessing credentials.

   The only alternative is to fall back to non-PAM functions which is against
   the whole point, isn't it?

Setting up the group credentials, by using getgroups(), is much like
setting the Unix ID to the correct value using setuid().  It's not part
of the PAM functionality.  Not everything has to be done using PAM
modules, you know!

PAM doesn't plot bezier curves, it doesn't integrate symbolic functions,
it doesn't automatically write trashy romance novels....  Just because
something can't be done using PAM doesn't give it a justification for
pushing a new feature into PAM!

If you want to try to add it to PAM, then you have to tell us how it
generalizes to other mechanisms --- does Kerberos, SecureID, etc. care
about what Unix ID you are using, or what Unix groups you have?  If not,
perhaps it's something which can't be "factored out" into a generic
piece of functionality which can be defined by PAM.

						- Ted

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []