[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: netstd doesn't use PAM

Thorsten Kukuk <kukuk@weber-eb.uni-paderborn.de> writes:

> > 
> > Package: netstd
> > Version: 3.07-3

> > can't rsh into NIS authenticated accounts until they fix /etc/pwdb.conf.

> My experince with PAM is, it is a very bad idea to use pam_pwdb.
> It seems it couldn't handle shadow passwords over NIS (glibc can do that),
> and it couldn't handle services like NIS+ or ldap, which are available
> for the next glibc 2.1 version. I think, instead of using pam_pwdb, we
> should use the corresponding pam_unix_* modules.
> The pwdb module will also confuse users, they have to configure
> /etc/nsswitch.conf, but the passwd and group entry is ignored, they have
> to configure that in /etc/pwdb.conf. It was good for libc5, but for
> glibc with NSS, pam_pwdb is a bad choice.

Ok, I was wondering how to deal with the nsswitch/pwdb issue.  I'll
turn on pam_unix_* on my Debian and UltraPenguin machines and see how
they fare.


Reply to: