[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Do we have a consensus on PAM in slink?

Previously Steve Dunham wrote:
> 1. Are we going to move to PAM for slink (i.e. are patches welcome)?

It is a stated goal, which was not doable for hamm since PAM apparently
wasn't stable enough. Since it has worked for RH for a while now it seems
to have stablealized enough.

With the advent of LDAP and other authentication methods I think we really
should start in this now. X is probably the major problem now, there
are already PAM-aware logins and ppp packages iirc.

> 3. Can we move the pam modules to /lib/security?  This is where Red
> Hat keeps them.  If they stay in /usr/lib/security then "login" won't
> work until /usr is mounted.

I'm not sure of this one. On one side you can't assume you can login
anyway as a user since your shell might be in /usr/sbin (think tcsh).
On the other side root should always be able to login. What also worries
me is that I don't know if PAM support a fallback: if I enable LDAP
authentication but the network doesn't initialize, can I still use
the password in /etc/shadow ? 

This combination of bytes forms a message written to you by Wichert Akkerman.
E-Mail: wakkerma@wi.LeidenUniv.nl
WWW: http://www.wi.leidenuniv.nl/~wichert/

Attachment: pgpsW9PFMWV5z.pgp
Description: PGP signature

Reply to: