Re: pop3 and sendmail?

On Sat, 10 Apr 1999, Matthew Hixson wrote:

> On Sat, 10 Apr 1999, Michael K. Johnson wrote:
> > There needs to be more integration than what PAM could provide here -- PAM
> > doesn't provide information like where the maildrops are, just like it does
> > not provide information about users' home directories.  NSS modules provide
> > a bit more of this -- the standard {g,s}etpw{nam,uid} interface -- but you
> > might well need to do more customization.
> I was thinking that a PAMified delivery agent could see if a user exists by
> trying to authenticate it using the PAM library.

Michael's right - this is trying to shoehorn PAM into an area where it was not
designed to be used (very un-Unix-like);  seriously, you want an NSS module
for this.

I mentioned Luke Howard's NSS/PAM modules for LDAP the other day - taking them
as an example, I've now gotten a Solaris box correctly providing "user" access
for an account that doesn't exist in "/etc/passwd" or "/etc/shadow" at all.

When you log in with TELNET (for example) the PAM module is used to
authenticate the user.  When you run "ls" in a directory (or an MDA tries to
determine if a user is a known local user or not), the corresponding NSS
module is used to look up relevant details (be it UID, login name, GECOS, login
shell, whatever).

Running a loop over setpwent/getpwent/endpwent returns first all the local
(/etc/passwd) users and then automatically starts returning LDAP users
(courtesy of the NSS module);  thus, if the MDA (local mail delivery agent)
uses the regular getpwnam() call to see if the user is local or not, the NSS
module will return the information accordingly.

Solaris {2.5.1, 2.6, 7} comes with NSS modules "compat" (see man pages),
"dns", "files", "nis" and "nisplus".  glibc-2.0.7-29 on Red Hat Linux 5.2
includes "compat", "db", "dns", "files" and "nis".

Luke Howard's two modules add "ldap" both for NSS and PAM.



