Re: [Proposal] Forget PAM, stick with NSS

To: Matt Ryan <matt@banana.org.uk>
Cc: debian-devel@lists.debian.org
Subject: Re: [Proposal] Forget PAM, stick with NSS
From: P.A.Knuutila <zur@edu.lahti.fi>
Date: Sun, 1 Aug 1999 18:42:06 +0300
Message-id: <[🔎] 19990801184206.A30857@edu.lahti.fi>
In-reply-to: <199907311355.OAA25527@vulture.banana.org.uk>; from Matt Ryan on Sat, Jul 31, 1999 at 02:55:18PM +0100
References: <199907311355.OAA25527@vulture.banana.org.uk>

On Sat, Jul 31, 1999 at 02:55:18PM +0100, Matt Ryan wrote: 

> I'm a big fan of small dependancies for packages. I can't see any reason
> why we should start PAMifing packages when AFAICS it only gives the same
> functionality as the NSS part of glibc. I have setup libnss-ldap and it
> works very well - why would I need PAM?

  Even in LDAP authentication, PAM has benefits.

  The LDAP module for PAM does binds with credentials, while nss_ldap
searches for the userPassword attribute. If you want to hide the
userPasswords on your LDAP server, using ACL, you must use pam_ldap.

  pam_ldap support also changing passwords and SSL which, if im not
completely mistaken, is not implemented into nss_ldap.

-- 
// P.A. Knuutila / zur@edu.lahti.fi / pa@debian.org / GSM +358-503028233
// PGP fingerprint 363C ACE2 0A4F DE7E B67A 0223 C53B 932B / id E167BDD1

Reply to:

Prev by Date: Re: dselect and customizable key bindings
Next by Date: RTP: free multi platform editor (linux, dos, os9, ...)
Previous by thread: Re: [Proposal] Forget PAM, stick with NSS
Next by thread: Re: [Proposal] Forget PAM, stick with NSS
Index(es):
- Date
- Thread