[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: pwdb and shadow



On Mon, 2 Nov 1998, Nalin Dahyabhai wrote:

> (In theory, pam_pwdb wouldn't even have to be using crypt() to generate
> information stored in the shadow file, or even use /etc/shadow at all.
> Heck, with the proper changes, it could be using NT's hashing algorithm
> and checking and updating passwords in Samba's smbpasswd file.  Just an
> idea I've been kicking around.)

I'm glad that you mention this idea.  It raises what seems like a kind of
contradiction (to me at least) between pwdb.so and other modules.

If I understand what you want to do, then you do not need to use or
modify pwdb.so at all.  You simply use the pam_smb module that is
available.

I get the impression that when pwdb was originally launched, there was an
idea (hope? expectation?) that other authentication processes could be
included in the library.  Then you would not need a separate module for
Samba NT, Novell, Radius, TACAS, etc..you would just stick your
pam_pwdb.so into your config files, and then use /etc/pwdb.conf to
select the databases that should be used.  

But is seems that (a) new databases have not been added to pwdb, and (b)
it seems that new authentication modules are being developed and refined
outside of pwdb, such that (c) pwdb can be viewed primarily as a
unix/shadow/nis authentication module (plus the other account / password
management modules -- there is a confusing terminology in PAM because the
entire module in /lib/security is called a module, but then each module
can have 4 modules).

Cheers,
  Seth



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []