PAM && libpwd

Seth Chaiklin <sethlist@pc126.psy.aau.dk> wrote:
> This is why I was asking about libpwdb in relation to NIS and Radius.
> But then someone accused libpwdb of showing its age ... without
> explaining what this meant.

  That was me.

  libpwdb hasn't had active maintenance for a while now, and its
methods of accessing /etc/passwd and /etc/shadow leave a *lot* to be

  I don't understand the code fully, but it looks like libpwd reads
passwd && shadow 4-5 times for each log in.  If you've got 5000 users
on your system, password verification can take *seconds* to occur, as
a few people have complained about here.

  The RADIUS protocol as implemented in libpwdb is fine, but RADIUS
has changed a lot since then.  It would be nice to implement full
support for the new attributes and draft-rfc attributes.

  I'm also not entirely clear on the necessity for libpwd, PAM, and
NIS.  The overlap between them is enough that I currently believe that
most of one is superfluous.  Right now, I'm leaning towards libpwdb.

  That is, libpwd abstracts getpwnam (etc.).  So does NIS.  libpwd
abstracts authentication.  So does PAM.

  I don't know, however, if libpwd does anything that nothing else does.

  Alan DeKok.

