
Announce: pniam-0.05

pniam-0.05 has just been released.

PNIAM (Pluggable Non Interactive Authentication Modules) is another pluggable
authentication scheme which extends PAM in the following main directions.
 - PNIAM combines authentication, authorization, accounting with getting
   user's credentials.  Currently PAM has lost some of its attractiveness
   because really interesting authentication schemes always require additions
   to NSS.  So the current tendency is to make PAM a makeweight to glibc NSS
   engine.  Incompatibilities between PAM and NSS configuration may lead to
   problems for system administrators.
   Unlike PAM, PNIAM provides a full service with a single configuration and
   guarantee of mutual correctness of stages from authentication up to
   getting credentials.
 - Support for servers dealing with fixed set of queries (rather than
   performing direct conversation with the user) is natural.
   No more `conversation function' hacks are required!

PNIAM documentation is available at

If you want to evaluate the difference between PAM and PNIAM the best start
is section 1.2 of the documentation

Source code of PNIAM library along with some modules and simple
examples of PNIAM-aware applications can be found at

Changes since 0.04
  Significant documentation improvement.

  New modules:
   - fsdb family;
   - pniam_count;
   - pniam_fixlog;
   - pniam_lastlog;
   - pniam_listfile;
   - pniam_nologin;
   - pniam_pas;
   - pniam_wtmp;
   - pniam_cracklib;
   - pniam_schecks;
   - pniam_gecos.
  One module (pniam1) was removed.

  Module improvements:
   - expiration checks for pniam_pwd module;
   - random number generation is now performed via /dev/random.

  New library features:
   - PNIAM_ABORT return code was introduced to implement a limit on guess
     attempts in modules;
   - the library now checks if the amount of data in the request increases
     monotonically;  these checks allow applications to restart
     authentication from the very beginning with the same request structure
     and allows modules to impose limits on attempts to guess e.g. password;
   - pniam_end() now returns void instead of pniam_result_t because it
     mustn't fail;
   - Some functions start to fill memory with 0's before free()ing it.
   - "ok_replies" item list handling was changed (see documentation).

  Helper functions in libpniam:
   - copy2prompts() was removed;
   - check_item() and get_data_piece() were added.

  pwdlib improvements:
   - password and shadow file modification implemented; 
   - file locking implemented.

  Example applications:
   - APOP authentication scheme was implemented in POP3 server.

  Bug fixes:
   - memory leak in pniam_pwd module.

Comments and suggestions are welcome.

Best regards
					Andrey V.
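
The changelog item about filling memory with 0's before free()ing it has a known pitfall: a plain memset() directly before free() is a dead store that an optimizing compiler may delete. The sketch below is an added example, not code from PNIAM; secure_wipe(), secure_free() and demo_password_lifetime() are hypothetical names, and the password string is constructed sample data.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Calling memset through a volatile function pointer keeps the compiler
 * from proving the store is dead and removing it ahead of free(). */
static void *(*const volatile wipe_fn)(void *, int, size_t) = memset;

/* Overwrite len bytes at p with zeros; NULL or zero length is ignored. */
void secure_wipe(void *p, size_t len)
{
    if (p != NULL && len > 0)
        wipe_fn(p, 0, len);
}

/* Zero a heap buffer, then release it. */
void secure_free(void *p, size_t len)
{
    secure_wipe(p, len);
    free(p);
}

/* Hypothetical caller: keeps a private copy of a password only as long
 * as it is needed. Returns 1 if every byte of the copy was zero at the
 * moment it was released, 0 otherwise (or on allocation failure). */
int demo_password_lifetime(const char *password)
{
    size_t len = strlen(password) + 1;
    char *copy = malloc(len);
    size_t i;
    int clean = 1;

    if (copy == NULL)
        return 0;
    memcpy(copy, password, len);
    /* ... the copy would be verified against the stored hash here ... */

    secure_wipe(copy, len);
    /* Inspect before free(): reading the buffer afterwards is undefined. */
    for (i = 0; i < len; i++)
        if (copy[i] != 0)
            clean = 0;
    free(copy);
    return clean;
}
```

Where the platform provides it, explicit_bzero() gives the same guarantee without the function-pointer idiom.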
