[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: PAM && libpwd



On Mon, 2 Nov 1998, Seth Chaiklin wrote:

> On Mon, 2 Nov 1998, Alan DeKok wrote:
> >   That is, libpwd abstracts getpwnam (etc.).  So does NIS.  libpwd
> > abstracts authentication.  So does PAM.
> 
> What is the functional difference between libpwdb and PAM?   Isn't the
> idea that one uses pam_pwdb to get the advantages of libpwdb.  Or do you
> mean that you simply use the libpwdb functions in your own programs, and
> simply skip over the use of PAM?
> 
 As far as i understand the idea of pam and pwdb, pam is for abstracting
authentication, it allows programer to write program and allow
administrator to decide how to authenticate user.
 Pwdb is for abstracting authorisation, programer can write program, and
leave to admin decision how to feed this program with data about uid,gid,
shell,homedir,gecos etc.
 PAM takes care "only" about username and password, and only this data is
fetched from pwdb by pam_pwdb.
 Any other data about user must be fetched by an application itself and
now all programs do it using standard libc getpwnam(). IMHO they should
use pwdb instead, so i'm now writting a "pwdb'ified";-) versions of
chfn,chsh,chage,login and su.  
 This is possible for program to do authentication using only pwdb, one
can prompt user for password, crypt() if and compare with one fetched from
pwdb but pam is more flexible.

> Thanks,
>   Seth Chaiklin
> 
Grzegorz Stanislawski
Open-Net / PKFL



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []