[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: pam_crypt module will change the world



On Wed, Apr 16, 1997 at 03:56:47PM -0500, Adam Slattery wrote:
> > Well, I think it would be nice to have getpwnam() be a source for
> > pam_crypt.
> 
> Ok. This is priority #2. (After the sshd issue I found last night). I really
> didn't think many people used non-default nsswitch.conf files, and I've had
> several people ask me how to easily add non-system accounts for
> name_your_service.  This was my reasoning for not using getpwnam.  I
> definately made a big misjudgement.  I'd like to kill this discussion;
> support will be added before I ask Andrew to include pam_crypt in Linux-PAM.
> It might even be implemented in pam_crypt-0.0.4; we'll see :).

:)

> > Also, how do you plan to support password changing? Is it done in a
> > modular way as well? If so, which modules are available?
> 
> Pam_crypt already does this :). I think I discussed this in an earlier

Yes, but, pam_unix handles password changing with /etc/passwd, NIS,
NIS+ (?) and so on and pam_ldap handles password changing with LDAP and
so on.

I.e., there are two ways in which pam_crypt has to be modular:

1. Crypt() types

2. Name service types -- use NSS [getpwnam()] :)

3. Password changing protocols -- related to (2), but NSS doesn't help :(

The interesting thing is that (1) is NOT related to either (2) nor (3).

That is, you can use multiple different crypt types within a single name
service (though you can have only one crypted password per-user). So
modularity with respect to (2) and (3) must not be related (1).

So, is pam_crypt modular with respect to password changing?

Are you providing any password changing modules? Which ones?


> Thanks. You guys have been a huge help in deciding the direction of
> pam_crypt. I'll be out of town until tuesday night.
> -Adam
> 
> Current primary site: http://www.whstechs.org/pam_crypt/
> Alternate site:  http://seculinux.hackersclub.com/pam_crypt/
> 
> 
> PS: What is up with this brazilian auto-responder thing? It is getting
> extremely anoying. Does anybody else get messages from terra@zaz.com.br
> whenever they post to the list?


It's also on the Kerberos lists. Very obnoxious.

Cheers,

Nico
--





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []