[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Linux-PAM ported to AIX

On Mon Apr 23 12:49 2001 +0200, Gemeiner, Jan wrote:
> I'm trying to set up an openldapserver to authenticate from Linux, Solaris
> and AIX clients.
> I'm interested in what you have done, but I can't really understand.
> Does this patch make an AIX authentication on an ldap-server? And how?
> My collegue told me, that there's absolutely no PAM available for AIX.
> How should I implement the patched PAM??

First of all, you need to understand a bit about the way PAM works.
Here's the overall structure:

   +-------------+    +-------------+    +---------------+
   | application |--->| PAM library |--->| PAM module(s) |
   +-------------+    +-------------+    +---------------+

The PAM library provides the glue which allows applications to access
any PAM module using a simple API.  However, the application still
needs to be written using the PAM API in order to make use of it.

AIX does not come with PAM, so my patch allows you to build Linux-PAM
under AIX.  This provides both the PAM library and a common subset of
PAM modules.  Once you have the library and the PAM modules, you can
download and compile many free software packages (such as OpenSSH)
with support for PAM under AIX.

Although this will allow you to use PAM for third-party software which
you compile yourself, the native AIX binaries for things like su and
login still don't support PAM.  As a result, the only way to get PAM
support in these native tools would be to replace the native binaries
with home-grown ones that support PAM.  (This probably isn't trivial
to do, but I'd love to get a copy if anyone manages it...)

I hope this clears up some of your confusion.

Mark D. Roth <roth@feep.net>

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []