PAM and NSS for clusters
Jozsef Kadlecsik
kadlec at blackhole.kfki.hu
Mon Nov 17 14:28:19 UTC 2008
Hello,
In order to store users in alternate passwd, shadow and group files I have
written some patches over Linux PAM 1.0.2 and an NSS module.
With these packages one can store the passwd, shadow and group files for
the cluster users over GFS/OCFS2/Lustre/etc. We have been using such a
setup for more than half a year in production. If somebody is interested
in, the patches, sources and the installation, configuration descriptions
are available at
http://www.kfki.hu/~kadlec/sw/cluster/
The PAM patches fix some bugs and add new features too:
- By default Linux PAM links with libxcrypt instead of libcrypt from
glibc. However the source files include crypt.h and not xcrypt.h, thus
the functions from libcrypt is used in spite of linking with libxcrypt.
- Simplify source when a function is used both in the pam_unix module and
in the helper binaries.
- Linux PAM can check blowfish encrypted passwords (if the crypto library
supports it), however it did not support new passwords to be encrypted
by blowfish. One patch adds full blowfish support (and "blowfish"
keyword) to pam_unix.
- @include keyword support (for Debian/Ubuntu).
Best regards,
Jozsef
-
E-mail : kadlec at blackhole.kfki.hu, kadlec at mail.kfki.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
H-1525 Budapest 114, POB. 49, Hungary
More information about the Pam-list
mailing list