[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: On PAM and authentication

On Thu, Sep 17, 1998 at 05:00:31PM -0400, Steve Dunham wrote:
> Tom Lees <tom@lpsg.demon.co.uk> writes:
> > I recently tried out LDAP on my machine for authentication. I used tools
> > available at http://www.rage.net/ldap/, and I'm pleased to say it works.
> > By using the NSS module, it works with all existing tools, including XDM,
> > etc., that I have tried, except for tin (my version is libc5 though),
> > and passwd, gpasswd, etc (for users authenticated via LDAP).
> > Presumably this implies that if we use PAM for authentication, AND have a
> > /lib/libnss_pam.so.1 library, not many mods will NEED to be done (although
> > for full PAM support mods will be necessary, AFAICT).
> I would prefer that Debian not use libnss_pam.so.1.
> It turns out that for PAM to work well without confusing the user
> (i.e. for NIS to work without tweaking /etc/pwdb.conf), we need to use
> pam_unix_* instead of pam_pwdb.  If when then used libnss_pam.so.1, we
> would have a loop, pam would call glibc, which would call pam.

I just had a great idea. How about someone makes a pam_nss module?!?!?
Or, we could just fix pwdb to work how it should.

Tom Lees <tom@lpsg.demon.co.uk> <tom@debian.org>  http://www.lpsg.demon.co.uk/
PGP Key: finger tom@master.debian.org, http://www.lpsg.demon.co.uk/pgpkeys.asc.

Reply to: