[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Upcoming Debian Releases

Steve Dunham:
> > * Shadow password support (maor@ece.utexas.edu)
> IMHO, we should use PAM (pluggable authentication modules) instead.

PAM is a very good thing.  However:

- I don't know why everyone has this misconception: "use PAM _instead_
of shadow passwords".  PAM is just a more general interface to various
authentication methods, _including_ shadow passwords.  Most programs
in the shadow suite are still useful with PAM - only login, su and
passwd programs need to be replaced (I already have some PAM support
in passwd, in my not yet released development sources; this version
of passwd also has many features not related to PAM and not present in
other versions of passwd).

- PAM is not a small project, and is not quite stable yet (new version
with new features and new bugs comes out almost every week).  Even the
API is still being discussed with Sun and subject to change (yes, they
even consider implementing some of our suggestions).  Here is my opinion:
let the Red Hat folks finish and test it first - they get paid for their
job :-).  Once PAM is stable enough, we can start moving programs to use
it - but it is still a lot of work (much more than adding simple shadow
support, which is almost done already) and not something that can be done
for the next release, which will be frozen in a few weeks.

> This gives us shadow support, support for many other systems
> (including S/Key, SecureID, and any possible future system), and it
> give fine grain control over what methods are used for what programs

Right.  Just remember that it's still ALPHA stuff...  So I'd say: let's
finish the shadow support (very little is left to do), and then start
working on moving to PAM (existing shadow-aware programs will continue
to work as long as you don't use other authentication methods).

Just my 2 cents.


TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com

Reply to: