Feature request: alternate '/' for pam_unix

Steve Langasek vorlon at debian.org
Fri Sep 28 16:54:01 UTC 2007


On Fri, Sep 28, 2007 at 02:36:25PM +0200, Jozsef Kadlecsik wrote:

> In a cluster environment it'd be quite good if one could specify
> alternate passwd/shadow/group files for the pam_unix module.

> I know, one could use LDAP, SQL or db files to store the user data, but 
> all of them have got some shortcomings: LDAP and SQL can be slow or 
> complex to setup in a redundan configuration; db files lack password 
> expiration information, etc.

> In the patch below I implemented the 'rootdir=directory' option for the 
> pam_unix module, by which one can define an alternate root directory when 
> looking up the files. So one can store alternate passwd, etc. files with 
> the user data on a cluster (shared) filesystem, without the need of 
> additional services running.

But you haven't modified any of the code that uses getpwnam() or getspnam()
to query the password database, so AFAICS this patch is useless since it
only affects password updates.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon at debian.org                                   http://www.debian.org/




More information about the Pam-list mailing list