Re: [Proposal] Forget PAM, stick with NSS

To: Matt Ryan <matt@banana.org.uk>
Cc: debian-devel@lists.debian.org
Subject: Re: [Proposal] Forget PAM, stick with NSS
From: Steve Dunham <dunham@cse.msu.edu>
Date: 31 Jul 1999 16:35:26 -0400
Message-id: <[🔎] m9bg1244kxd.fsf@test2.cse.msu.edu>
In-reply-to: Matt Ryan's message of "Sat, 31 Jul 1999 14:55:18 +0100"
References: <[🔎] 199907311355.OAA25527@vulture.banana.org.uk>

Matt Ryan <matt@banana.org.uk> writes:

> I'm a big fan of small dependancies for packages. I can't see any reason why
> we should start PAMifing packages when AFAICS it only gives the same
> functionality as the NSS part of glibc. I have setup libnss-ldap and it works
> very well - why would I need PAM?

PAM handles a lot of stuff that NSS doesn't, including password
changing, password timeouts, explicit customization of authentication
(you can configure whether or not rhosts, securetty, etc is used on an
application by application basis), more complicated login schemes - I
believe stuff like the S/Key authentication scheme and various secure
id card schemes can't be done with just NSS.

I think the PAM FAQ has a more detailed explanation of why PAM is
orthogonal to NSS.

Steve
dunham@cse.msu.edu

Reply to:

References:
- [Proposal] Forget PAM, stick with NSS
  - From: Matt Ryan <matt@banana.org.uk>

Prev by Date: Re: on debian-win32 (WAS Re: Is there a Open Source WindowsSoftware Archive?)
Next by Date: Re: libc6 has no sources??
Previous by thread: Re: [Proposal] Forget PAM, stick with NSS
Next by thread: Re: Depends generated by maintainer scripts
Index(es):
- Date
- Thread