Re: On PAM and authentication

To: tom@lpsg.demon.co.uk (Tom Lees)
Cc: debian-devel@lists.debian.org
Subject: Re: On PAM and authentication
From: Thorsten Kukuk <kukuk@vt.uni-paderborn.de>
Date: Tue, 22 Sep 1998 15:12:23 +0200 (MET DST)
Message-id: <[🔎] 199809221312.PAA17972@weber.uni-paderborn.de>
In-reply-to: <[🔎] 19980921212744.A579@lpsg> from Tom Lees at "Sep 21, 98 09:27:44 pm"

Hello,
> > I would prefer that Debian not use libnss_pam.so.1.
> > 
> > It turns out that for PAM to work well without confusing the user
> > (i.e. for NIS to work without tweaking /etc/pwdb.conf), we need to use
> > pam_unix_* instead of pam_pwdb.  If when then used libnss_pam.so.1, we
> > would have a loop, pam would call glibc, which would call pam.
> 
> I just had a great idea. How about someone makes a pam_nss module?!?!?
> Or, we could just fix pwdb to work how it should.

To fix pwdb to work how it should is only duplicating existing code,
and you have the problem with to configuration files. Explain the
user why he couldn't use only one. And you need to search the bugs
in 2 libraries. pwdb would become very big, if you wish to add NIS+, LDAP,
hesoid and all the other third party NSS modules.

I doubt that pam_nss will work. I doesn't make sence for glibc based
programs, you could use the pam_unix modules for that. They do nothing
other. It would only make sence for libc5. But the NSS modules are linked
against glibc/libc6. I'm not sure, that the symbols will always be resolved
correct.

  Thorsten

-- 
Thorsten Kukuk  kukuk@vt.uni-paderborn.de
                http://www-vt.uni-paderborn.de/~kukuk/
Linux is like a Vorlon.  It is incredibly powerful, gives terse,
cryptic answers and has a lot of things going on in the background.

Reply to:

References:
- Re: On PAM and authentication
  - From: Tom Lees <tom@lpsg.demon.co.uk>

Prev by Date: Re: On PAM and authentication
Next by Date: addition to debian standards
Previous by thread: Re: On PAM and authentication
Next by thread: Intent to package: ruplist
Index(es):
- Date
- Thread