[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: On PAM and authentication

> > I would prefer that Debian not use libnss_pam.so.1.
> > 
> > It turns out that for PAM to work well without confusing the user
> > (i.e. for NIS to work without tweaking /etc/pwdb.conf), we need to use
> > pam_unix_* instead of pam_pwdb.  If when then used libnss_pam.so.1, we
> > would have a loop, pam would call glibc, which would call pam.
> I just had a great idea. How about someone makes a pam_nss module?!?!?
> Or, we could just fix pwdb to work how it should.

To fix pwdb to work how it should is only duplicating existing code,
and you have the problem with to configuration files. Explain the
user why he couldn't use only one. And you need to search the bugs
in 2 libraries. pwdb would become very big, if you wish to add NIS+, LDAP,
hesoid and all the other third party NSS modules.

I doubt that pam_nss will work. I doesn't make sence for glibc based
programs, you could use the pam_unix modules for that. They do nothing
other. It would only make sence for libc5. But the NSS modules are linked
against glibc/libc6. I'm not sure, that the symbols will always be resolved


Thorsten Kukuk  kukuk@vt.uni-paderborn.de
Linux is like a Vorlon.  It is incredibly powerful, gives terse,
cryptic answers and has a lot of things going on in the background.

Reply to: