[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Open Xlock as root



On Tue, 7 Dec 1999 william.evans@computer.org wrote:

> Hmmm ... I had assumed that pam_pwdb would be the better alternative,
> but I don't know exactly why.  What are the pros and cons of using
> each?

pam_pwdb depends on an external library, libpwdb, for which development
seems to have largely stagnated.  pam_unix, on the other hand, uses native
libc calls, allowing it to hook into any password database backend
supported by the system's NSS modules.

pam_pwdb also hasn't been optimized very much, making authentication
incredibly slow on systems with a large number of users.

Honestly, at this point I see little to recommend pam_pwdb over pam_unix:
it's the default used by RedHat, but Debian is using pam_unix instead, and
even though pam_unix had been abandoned for a while, it's in working
condition nowadays.

> I guess it's better to write a separate module completely instead of
> just adding a single option to pam_pwdb such as "otheruser=root"?
> That would probably be complicating it too much, and opening that
> module up to problems.  However, it wouldn't be trying it
> automatically, and the sysadmin would have to activate it manually.
> Thoughts on this?

I would agree, it should be a separate module.  KISS, and all that.

-Steve Langasek
postmodern programmer



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []