Feature request: alternate '/' for pam_unix
Steve Langasek
vorlon at debian.org
Fri Sep 28 17:53:57 UTC 2007
On Fri, Sep 28, 2007 at 07:35:26PM +0200, Jozsef Kadlecsik wrote:
> On Fri, 28 Sep 2007, Steve Langasek wrote:
> > > In the patch below I implemented the 'rootdir=directory' option for the
> > > pam_unix module, by which one can define an alternate root directory when
> > > looking up the files. So one can store alternate passwd, etc. files with
> > > the user data on a cluster (shared) filesystem, without the need of
> > > additional services running.
> > But you haven't modified any of the code that uses getpwnam() or getspnam()
> > to query the password database, so AFAICS this patch is useless since it
> > only affects password updates.
> It affects the realm of PAM - getpwnam/getspnam is covered by nss and that
> is handled by a different package/patch. Therefore I haven't posted it to
> this list.
Ok, but nss has no per-service configuration files, so how do you intend to
make NSS select a different password file in different contexts? Or is the
intent to make all password operations on the system use the same alternate
location that will be hard-coded in the NSS module? (In that case, I'm not
sure there's much point to making it configurable in pam_unix if it has to
be hard-coded in nss_files.)
Cheers,
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
vorlon at debian.org http://www.debian.org/
More information about the Pam-list
mailing list