[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: pam_crypt module will change the world

Hi Adam,

On Tue, 15 Apr 1997, Adam Slattery wrote:

> The main goal of the module is to provide a great deal of flexibility.  The
> primary selling point is that a wide range of cryptographic algorithms can
> be used (currently 3, this will increase significantly when other people
> submit algorithm modules or I adapt a few more algorithms).  Currently there
> is support for md5, des, and vcblowfish (formerly known as glibfish).

I'm personally of the opinion that supporting multiple algorithms is an
advantage, because it opens up the possibility of gaining mindshare with
administrators of other operating systems for whom backwards-compatibility
with alternative 'secure' password hashes is a prerequisite.

> Fully compatible with modules such as cracklib. It is more flexible than
> pam_unix in that you can specify where the passwd file is, which is very
> useful if you don't want to use system accounts for a given service (this
> could be used with vsftp to create ftp user accounts without creating any
> system accounts).

Does the ability to specify alternate locations for the password file come at
the expense of being able to use the system getpwnam() call (and therefore
make use of other NSS backends), or have you balanced both of these
requirements in a single module?

Steve Langasek
postmodern programmer

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []