[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Pam and radius

   From: "Mark Lillywhite" <mark@netconnect.com.au>
   Date: Fri, 28 Feb 1997 10:02:18 +1100

   I can't work out where the user ID and group ID(s) are supposed to be set
   by PAM. In fact, from reading the pam_unix*.c and login.c code it seems to
   me that it's still the application's responsability to determine a numeric
   UID and GID(s)... which seems quite strange to me.

That's because it's not part of PAM's job.  User ID and Group ID aren't
an intrinsic part of an authentication mechanism such as S/Key, or
Kerberos, or checking a user's password for that matter.  

If you're trying to avoid a global user password file, I'd suggest the
use of something like Hesiod.  You'd still have to use something like
Kerberos or Radius to handle the password authentication; I'd strongly
recommend Kerberos over Radius simply because it can do more and has a
much cleaner design.

							- Ted

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []