[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: pam_crypt module will change the world



On Fri, Apr 20, 2001 at 09:10:17AM +0400, solar@openwall.com wrote:
> On Tue, Apr 17, 2001 at 02:41:26PM -0500, Steve Langasek wrote:
> > On Tue, 17 Apr 2001 solar@openwall.com wrote:
> 
> > (well-documented) modules which work well in conjunction to 1) provide a
> > mapping of the heirarchical, virtualhost namespace onto the flat local
> > namespace and 2) allow pulling information from multiple password databases
> > according to a 'domain' token.  There are already modules that provide a
> > subset of 2, by bouncing all authentication for a service against a flatfile
> > or Berkeley DB file on the system, but I haven't seen anything yet that's
> > flexible enough to query multiple databases.  In any case, I don't see having
> > anything as flexible as NSS without implementing 1 and actually stacking it
> > with a module that uses NSS itself.
> 
> If a PAM module consults a database for authentication, then there
> should be a defined mechanism for it to extract and pass other
> information needed for the service or things become less efficient.

Indeed! And such an API could replace get*ent()/get*name()/... It would
be best if there were hooks for PAM and such a new API to communicate
such that the new API's modules could cooperate with PAM modules (e.g.,
a name service lookup module might need credentials from a PAM module).

> -- 
> /sd

Cheers,

Nico
--





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []