Re: [Proposal] Forget PAM, stick with NSS

To: debian-devel@lists.debian.org
Subject: Re: [Proposal] Forget PAM, stick with NSS
From: Thomas Quinot <thomas@debian.org>
Date: Mon, 2 Aug 1999 17:51:45 +0200
Message-id: <[🔎] 19990802175145.A19889@melusine.cuivre.fr.eu.org>
Reply-to: Thomas Quinot <thomas@debian.org>
In-reply-to: <[🔎] 19990801113025.B2601@mors.net>; from Wichert Akkerman on Sun, Aug 01, 1999 at 11:30:25AM +0200
References: <199907311355.OAA25527@vulture.banana.org.uk> <[🔎] 19990801113025.B2601@mors.net>

Le 1999-08-01, Wichert Akkerman écrivait :

> PAM and NSS are very different beasts and complement each other. Let me

True. PAM provides authentication services, while NSS is specialised
in database lookups. On the other hand, while both are simultaneously
useful in some situations, we should be careful not to unnecessarily
duplicating functionality. I am specifically referring to the pam_pwdb
module here, which was essentially NSS replicated as a PAM module.

When authentication requires data that is stored in the NSS databases
(ie /etc/passwd, NIS...), then the authentication services should use
NSS to obtain that data; this is what pam_unix is for. pam_pwdb's
principle of reimplementing these database lookups independently is rather
unfortunate, and IMHO Debian has met a wise decision in sticking with pam_unix
by default.

Thomas.

-- 
    Thomas.Quinot@Cuivre.FR.EU.ORG   <URL:http://web.fdn.fr/~tquinot/>

Attachment: pgpB9y0AGfGrN.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Re: [Proposal] Forget PAM, stick with NSS
  - From: Ben Collins <bcollins@debian.org>

References:
- Re: [Proposal] Forget PAM, stick with NSS
  - From: Wichert Akkerman <wichert@cs.leidenuniv.nl>

Prev by Date: Re: Uploaded wu-ftpd 2.5.0-0.3 (source i386) to master
Next by Date: Re: Potato, Kernel 2.2 -> 2.4
Previous by thread: Re: [Proposal] Forget PAM, stick with NSS
Next by thread: Re: [Proposal] Forget PAM, stick with NSS
Index(es):
- Date
- Thread