Re: integrating PAM module into nss-ldapd (RFH)

To: Arthur de Jong <adejong@debian.org>
Cc: debian-devel <debian-devel@lists.debian.org>
Subject: Re: integrating PAM module into nss-ldapd (RFH)
From: Howard Chu <hyc@symas.com>
Date: Sat, 16 May 2009 01:37:38 -0700
Message-id: <[🔎] 4A0E7B52.9000003@symas.com>
In-reply-to: <[🔎] 1242456128.3996.6.camel@sorbet.thuis.net>
References: <[🔎] 1242456128.3996.6.camel@sorbet.thuis.net>

Arthur de Jong wrote:


Hello list (I've put a couple of people in Bcc to try to get more
feedback),

I'm working on integrating a PAM module into nss-ldapd and am looking
for input on this. The PAM module was kindly provided by Howard Chu from
the OpenLDAP project but I'm still working on the server part.

(more info on nss-ldapd: http://packages.debian.org/nss-ldapd)

With this new functionality I'm planning to generate three binary
packages (instead of the now one): libnss-ldapd (the NSS module),
libpam-ldapd (the PAM module) and nslcd (the daemon). The reason for
this split is that some users may want to stick with the other PAM
module. Also the OpenLDAP people are working on an overlay that could
replace the nslcd part (but it's up to the OpenLDAP maintainers if they
want to provide such a package).


The nssov manpage describes some of the motivation for this work.
http://www.openldap.org/devel/cvsweb.cgi/~checkout~/contrib/slapd-modules/nssov/slapo-nssov.5?rev=1.3

Note that the OpenLDAP Project only provides source distributions; it's up to3rd parties to provide packages. Symas Corp. is in the process of testingpackages for this code now; I know that some of the SuSE folks looked at anearlier version but I'm not sure if they went anywhere with it.

Also, I'm looking for people who are willing to spend some time on
nss-ldapd. I could use some help with the PAM packaging part, I know
libpam-runtime was changed recently so if anyone can help to get the the
PAM packaging into shape that would be great.

Since nss-ldapd seems to be used more often now, having a co-maintainer
for the package would really help. There is still enough development
work to be done but also packaging work with the upcoming split.

Another important part where I would really welcome suggestions is a
better name for the software. I've seen some confusion over the current
name (people not noticing the d at the end) and with the integration of
PAM functionality the name no longer covers the functionality.

Current work on integrating the PAM functionality can be tracked here:
http://arthurenhella.demon.nl/svn/nss-ldapd/nss-pam-ldapd/
http://arthurenhella.demon.nl/viewvc/nss-ldapd/nss-pam-ldapd/

Any comments and suggestions are very much appreciated. Thanks.

The name is alwas the tricky part huh... ldapauth? nss-pam-ldapd is at leastrecognizable...


--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

Reply to:

References:
- integrating PAM module into nss-ldapd (RFH)
  - From: Arthur de Jong <adejong@debian.org>

Prev by Date: Re: Bug#494714: dpkg-dev - dpkg-genchanges should fold lines
Next by Date: Re: i386.changes vs source.changes
Previous by thread: integrating PAM module into nss-ldapd (RFH)
Next by thread: Re: integrating PAM module into nss-ldapd (RFH)
Index(es):
- Date
- Thread