Re: Shadow vss PAM
Date: Wed, 21 Aug 96 11:59 PDT
From: firstname.lastname@example.org (Bruce Perens)
Cc: email@example.com (Debian Development)
Patrick Weemeeuw writes:
> I would propose to go for shadow for 1.2.
> In the mean time, I will try to make a few applications PAM-aware,
> to wet my feet and to gain some insight about how simple or complex
> things are. After all, it's not a black or white thing, but we can
> PAMify application by application.
Good decision. If I understand you correctly, we can set PAM to
authenticate via shadow password only and deploy it in a piece-wise
fashion. Then, once we have it deployed fully, we can start to introduce
additional methods of validation.
Even better yet: as soon as any application has been adapted to PAM it
can use all available PAM modules immediately (as configured by the
system administrator per application), independently of the status of
other authentication clients. I also hope that the support for shadow
passwords is compatible with the current shadow package: that would
avoid most transition problems.