Re: [Proposal] Forget PAM, stick with NSS
On Sat, Jul 31, 1999 at 02:55:18PM +0100, Matt Ryan wrote:
> I'm a big fan of small dependancies for packages. I can't see any reason
> why we should start PAMifing packages when AFAICS it only gives the same
> functionality as the NSS part of glibc. I have setup libnss-ldap and it
> works very well - why would I need PAM?
Even in LDAP authentication, PAM has benefits.
The LDAP module for PAM does binds with credentials, while nss_ldap
searches for the userPassword attribute. If you want to hide the
userPasswords on your LDAP server, using ACL, you must use pam_ldap.
pam_ldap support also changing passwords and SSL which, if im not
completely mistaken, is not implemented into nss_ldap.
--
// P.A. Knuutila / zur@edu.lahti.fi / pa@debian.org / GSM +358-503028233
// PGP fingerprint 363C ACE2 0A4F DE7E B67A 0223 C53B 932B / id E167BDD1
Reply to: