
Re: PAM && libpwd



My random thoughts on the difference between pam and libpwdb

That people see redundancy is partially legit but also partially due to
the typical mindset about PAM. PAM is about more than username, password
pairs. PAM could have a module for retinal scan. PAM has pam_permit. PAM
has time-of-day restriction modules. Etc.

PWDB has one simple job, abstract the concept of password databases so
that we can use various types of password databases that implement
username/password pairs interchangeably. I hope the above can convince you
that PAM is so much more than that. PWDB was a worthy piece of code in
that it allowed for account migration between databases and other fun
stuff. For other reasons too, of course, but that was my favorite one. =)

jim

On Mon, 2 Nov 1998, Grzegorz Stanislawski wrote:

> On Mon, 2 Nov 1998, Seth Chaiklin wrote:
> 
> > On Mon, 2 Nov 1998, Alan DeKok wrote:
> > >   That is, libpwd abstracts getpwnam (etc.).  So does NIS.  libpwd
> > > abstracts authentication.  So does PAM.
> > 
> > What is the functional difference between libpwdb and PAM?   Isn't the
> > idea that one uses pam_pwdb to get the advantages of libpwdb.  Or do you
> > mean that you simply use the libpwdb functions in your own programs, and
> > simply skip over the use of PAM?
> > 
>  As far as I understand the idea of pam and pwdb, pam is for abstracting
> authentication, it allows programmer to write program and allow
> administrator to decide how to authenticate user.
>  Pwdb is for abstracting authorisation, programmer can write program, and
> leave to admin decision how to feed this program with data about uid,gid,
> shell,homedir,gecos etc.
>  PAM takes care "only" about username and password, and only this data is
> fetched from pwdb by pam_pwdb.
>  Any other data about user must be fetched by an application itself and
> now all programs do it using standard libc getpwnam(). IMHO they should
> use pwdb instead, so I'm now writing a "pwdb'ified";-) versions of
> chfn,chsh,chage,login and su.  
>  This is possible for program to do authentication using only pwdb, one
> can prompt user for password, crypt() it and compare with one fetched from
> pwdb but pam is more flexible.
> 
> > Thanks,
> >   Seth Chaiklin
> > 
> Grzegorz Stanislawski
> Open-Net / PKFL
> 
> 

-- 
[L]inux has an installed base conservatively estimated at around 3 million
users.... [V]endors say that most of the top companies in the US have bought
the OS - but that few will readily admit to running their multimillion-dollar
corporations on code put together by a band of software idealists. -- _Wired_
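
The split discussed in this thread, modelled as an added example that is not part of the original messages and is not PAM or libpwdb code: interchangeable account backends with migration between them on one side, and a stack of authentication modules on the other, where only one module looks at passwords. Every name here is hypothetical, PBKDF2 stands in for crypt(), and the "all modules must pass" rule is a simplification of real PAM.

```python
import hashlib
import hmac

def kdf(password, salt):
    # PBKDF2 stands in for crypt(); the iteration count is a constructed demo value.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

def make_record(user, password, shell, salt=b"constructed-salt"):
    return {"user": user, "salt": salt, "hash": kdf(password, salt), "shell": shell}

class FileBackend:
    """pwdb-style backend over 'user:salt:hash:shell' lines (hypothetical format)."""
    def __init__(self):
        self.lines = []
    def put(self, rec):
        self.lines.append(":".join([rec["user"], rec["salt"].hex(), rec["hash"].hex(), rec["shell"]]))
    def get(self, user):
        for line in self.lines:
            name, salt, digest, shell = line.split(":")
            if name == user:
                return dict(user=name, salt=bytes.fromhex(salt), hash=bytes.fromhex(digest), shell=shell)
        return None

class MapBackend(dict):
    """Second backend with the same get/put interface (stand-in for a network map)."""
    def put(self, rec):
        self[rec["user"]] = dict(rec)

def migrate(user, src, dst):
    rec = src.get(user)
    if rec is None:
        raise KeyError(user)
    dst.put(rec)  # possible only because both backends share one interface

def mod_password(db):
    def check(ctx):  # the only module that consults the account database
        rec = db.get(ctx["user"])
        return rec is not None and hmac.compare_digest(kdf(ctx["password"], rec["salt"]), rec["hash"])
    return check

def mod_time(start, end):
    return lambda ctx: start <= ctx["now"] <= end  # no password involved at all

def mod_permit(ctx):
    return True  # always succeeds, like pam_permit

def authenticate(stack, ctx):
    # Simplification: all modules must pass (real PAM has control flags); an empty stack is refused.
    return bool(stack) and all(module(ctx) for module in stack)
```

The application only ever calls `authenticate()`; which modules are in the stack, and which backend the password module reads, are the administrator's choices.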


