Re: On PAM and authentication
On Thu, Sep 17, 1998 at 05:00:31PM -0400, Steve Dunham wrote:
> Tom Lees <tom@lpsg.demon.co.uk> writes:
>
> > I recently tried out LDAP on my machine for authentication. I used tools
> > available at http://www.rage.net/ldap/, and I'm pleased to say it works.
> > By using the NSS module, it works with all existing tools, including XDM,
> > etc., that I have tried, except for tin (my version is libc5 though),
> > and passwd, gpasswd, etc (for users authenticated via LDAP).
>
> > Presumably this implies that if we use PAM for authentication, AND have a
> > /lib/libnss_pam.so.1 library, not many mods will NEED to be done (although
> > for full PAM support mods will be necessary, AFAICT).
>
> I would prefer that Debian not use libnss_pam.so.1.
>
> It turns out that for PAM to work well without confusing the user
> (i.e. for NIS to work without tweaking /etc/pwdb.conf), we need to use
> pam_unix_* instead of pam_pwdb. If when then used libnss_pam.so.1, we
> would have a loop, pam would call glibc, which would call pam.
I just had a great idea. How about someone makes a pam_nss module?!?!?
Or, we could just fix pwdb to work how it should.
--
Tom Lees <tom@lpsg.demon.co.uk> <tom@debian.org> http://www.lpsg.demon.co.uk/
PGP Key: finger tom@master.debian.org, http://www.lpsg.demon.co.uk/pgpkeys.asc.
Reply to: