
Re: pam_unix_auth cleanup: NIS+ issues



On Fri, 11 Jun 1999 22:59:46 +0200, Thorsten Kukuk wrote:
> On Fri, Jun 11, Stephen Langasek wrote:
> > My one reservation is that, if something like this is done which checks the
> > password directly against the NIS+ server instead of using the NSS
> > interface, does this any longer belong in the module called pam_unix, or
> 
> If we do this, we need to implement NSS again in PAM -> look at the pam_pwdb
> module + libpwdb and the problems with them.

I don't think we need to re-implement anything. All we need is the code
to obtain the password, i.e.

	sp = getspnam(user);
	/* getspnam() returns NULL when there is no entry or it cannot be read */
	if (sp != NULL && !strcmp(sp->sp_passwd, "*NP*")) {
		/* Do this NIS+ fandango */
	}

Of course it's a hack, but so is seteuid'ing and frobbing the keyserv
cache.

However the alternative would not be to suck all of NSS into pam_unix,
but rather to equip libc with an authdes_set_identity(netname, privatekey)
function that works around the keyserv brain damage (oh, why haven't we
switched to a per-user shared memory segment long ago....).

Olaf
-- 
Olaf Kirch         |  --- o --- Nous sommes du soleil we love when we play
okir@monad.swb.de  |    / | \   sol.dhoop.naytheet.ah kin.ir.samse.qurax


