Re: [PAM] Should `ssh' depend on `libpwdb'?
>>>>> "Michael" == Michael Alan Dorman <firstname.lastname@example.org> writes:
Michael> Ben Collins <email@example.com> writes:
>> On Mon, May 31, 1999 at 07:05:40PM -0400, Michael Alan Dorman
>> > firstname.lastname@example.org (Karl M. Hegbloom) writes:
>> > > I think I remember reading in one of these mailing lists
>> > > that the PAM `libpwdb' is deprecated, and should not be
>> > > used, since it bypasses the normal "nsswitch" mechanism in
>> > > glibc. Is this true?
>> > Based on messages that went out on the pam list in the last
>> > seven days, I do not think the PAM developers consider
>> > libpwdb as deprecated.
>> Deprecated is not the proper term. libpwdb is not prefered in
>> Debian as it is in RedHat. Considering that the majority of the
>> libpwdb code is duplication of the same libc calls, it's
>> considered overkill and adds an uneeded layer to the
>> authentication process.
Michael> OK. I was reading it as libpwdb being generally
Michael> deprecated, not just Debian-wise.
Michael> Would it be useful for people if there was a Debian
Michael> Authentication guide that addressed 1) what is available,
Michael> 2) what is preferred and 3) what sorts of mind-bogglingly
Michael> neat stuff you can do with it?
Perhaps this should be brought up on `debian-policy' at some point.
If there's a separate document written up for authentication, then
perhaps `policy' could point to it? I don't know... I ought to be
reading books and code rather than email again.