[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: On PAM and authentication

Tom Lees <tom@lpsg.demon.co.uk> writes:

> I recently tried out LDAP on my machine for authentication. I used tools
> available at http://www.rage.net/ldap/, and I'm pleased to say it works.
> By using the NSS module, it works with all existing tools, including XDM,
> etc., that I have tried, except for tin (my version is libc5 though),
> and passwd, gpasswd, etc (for users authenticated via LDAP).

> Presumably this implies that if we use PAM for authentication, AND have a
> /lib/libnss_pam.so.1 library, not many mods will NEED to be done (although
> for full PAM support mods will be necessary, AFAICT).

I would prefer that Debian not use libnss_pam.so.1.

It turns out that for PAM to work well without confusing the user
(i.e. for NIS to work without tweaking /etc/pwdb.conf), we need to use
pam_unix_* instead of pam_pwdb.  If when then used libnss_pam.so.1, we
would have a loop, pam would call glibc, which would call pam.


Reply to: