Re: On PAM and authentication

To: Tom Lees <tom@lpsg.demon.co.uk>
Cc: Debian devel <debian-devel@lists.debian.org>
Subject: Re: On PAM and authentication
From: Steve Dunham <dunham@cse.msu.edu>
Date: 17 Sep 1998 17:00:31 -0400
Message-id: <[🔎] m9blnniv4i8.fsf@fatneck.cps.msu.edu>
In-reply-to: Tom Lees's message of "Thu, 17 Sep 1998 18:18:28 +0100"
References: <[🔎] 19980917181828.A2621@lpsg>

Tom Lees <tom@lpsg.demon.co.uk> writes:

> I recently tried out LDAP on my machine for authentication. I used tools
> available at http://www.rage.net/ldap/, and I'm pleased to say it works.
> By using the NSS module, it works with all existing tools, including XDM,
> etc., that I have tried, except for tin (my version is libc5 though),
> and passwd, gpasswd, etc (for users authenticated via LDAP).

> Presumably this implies that if we use PAM for authentication, AND have a
> /lib/libnss_pam.so.1 library, not many mods will NEED to be done (although
> for full PAM support mods will be necessary, AFAICT).

I would prefer that Debian not use libnss_pam.so.1.

It turns out that for PAM to work well without confusing the user
(i.e. for NIS to work without tweaking /etc/pwdb.conf), we need to use
pam_unix_* instead of pam_pwdb.  If when then used libnss_pam.so.1, we
would have a loop, pam would call glibc, which would call pam.

Steve
dunham@cse.msu.edu

Reply to:

Follow-Ups:
- Re: On PAM and authentication
  - From: Tom Lees <tom@lpsg.demon.co.uk>

References:
- On PAM and authentication
  - From: Tom Lees <tom@lpsg.demon.co.uk>

Prev by Date: SSH and authorized keys
Next by Date: POSIX arguments
Previous by thread: Re: On PAM and authentication
Next by thread: Re: On PAM and authentication
Index(es):
- Date
- Thread