Feature request: alternate '/' for pam_unix

Steve Langasek vorlon at debian.org
Fri Sep 28 17:53:57 UTC 2007


On Fri, Sep 28, 2007 at 07:35:26PM +0200, Jozsef Kadlecsik wrote:
> On Fri, 28 Sep 2007, Steve Langasek wrote:

> > > In the patch below I implemented the 'rootdir=directory' option for the 
> > > pam_unix module, by which one can define an alternate root directory when 
> > > looking up the files. So one can store alternate passwd, etc. files with 
> > > the user data on a cluster (shared) filesystem, without the need of 
> > > additional services running.

> > But you haven't modified any of the code that uses getpwnam() or getspnam()
> > to query the password database, so AFAICS this patch is useless since it
> > only affects password updates.

> It affects the realm of PAM - getpwnam/getspnam is covered by nss and that 
> is handled by a different package/patch. Therefore I haven't posted it to 
> this list.

Ok, but nss has no per-service configuration files, so how do you intend to
make NSS select a different password file in different contexts?  Or is the
intent to make all password operations on the system use the same alternate
location that will be hard-coded in the NSS module?  (In that case, I'm not
sure there's much point to making it configurable in pam_unix if it has to
be hard-coded in nss_files.)

Cheers,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon at debian.org                                   http://www.debian.org/




More information about the Pam-list mailing list