[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: PAM, Potato, Packages -- things that begine with 'P'

On Tue, Mar 02, 1999 at 07:18:49AM -0500, Michael Stone wrote:
> On Tue, Mar 02, 1999 at 07:13:04AM -0500, Ben Collins wrote:
> > Now the proposal, how do we get PAM completely into potato, from telnet
> > to ftp, to ssh? There are a lot of apps that need to use pam, I'm
> > suggesting, for the users sake, that in potato we make pam'ified apps
> > optional (ie. have a telnetd and a telnetd-pam), maybe by post-potato
> > release, we can drop this usage and be completely PAM enabled.
> I think this is too ugly, and will make upgrading a pain. How would
> having extra apps help users? (Pam'd apps should still interoperate with
> apps that use passwd directly, right? As long as /bin/passwd is pam'd,
> it should be user-invisible.)

No, wrong, false. If you are just using local files in /etc, then you are
ok, but the biggest reason for using PAM is having the ability to use
special authentication sources. Like radius, LDAP, and whatever else you
can think of. This means that there is no local authentication method for
non-pam apps.

The way it helps users is by not forcing them to use PAM, some people
don't want it. This may be overidden if we see that PAM is stable enough
to support as the standard (currently, being familiar with the source, I
don't have that confidence), but initially we need alternatives.

-----    -- - -------- --------- ----  -------  -----  - - ---   --------
Ben Collins <b.m.collins@larc.nasa.gov>                  Debian GNU/Linux
OpenLDAP Core - bcollins@openldap.org                 bcollins@debian.org
UnixGroup Admin - Jordan Systems         The Choice of the GNU Generation
------ -- ----- - - -------   ------- -- ---- - -------- - --- ---- -  --

Reply to: