
Re: libc6 problems (maybe)?



On Fri, Oct 29, 1999 at 11:26:24AM -0400, Dan Brosemer wrote:
> On Fri, Oct 29, 1999 at 08:23:49AM -0400, Ben Collins wrote:
> > On Fri, Oct 29, 1999 at 04:58:15AM -0700, Joel Klecker wrote:
> > > Haven't we agreed that libpwdb is evil anyhow?
> > 
> > For PAM it is. I didn't pay attention to the actual usage, nor to whether
> > it was for a package in Debian.
> 
> It's for OpenSSH which I am working on (and I think just finished)
> packaging.  Unfortunately, it uses both libpwdb and pam.  Could you explain
> why this is evil and maybe point me at some reading that would help me port
> it away from libpwdb?

a) I would hope that they made the pwdb support configurable at build time
with some sort of --disable-pwdb option.

b) Pwdb is evil for several reasons. PWDB was developed to give NSS
abilities to libc5 systems. With libc6's libnss (/etc/nsswitch.conf)
capabilities, pwdb is redundant, confusing and buggy. Right now libc6
allows you to specify the name service via a configurable (and arguably
standard) interface. Simply add more libnss modules (the libnss-ldap
package is a good example) and you automatically get another name service
source.

By using pwdb, you multiply the effort required to do this and add a layer
on top of the builtin libc name service. So not only do you have to
configure NSS, you have to configure pwdb too (even for using NIS).

Also, please see the current ssh package's /etc/pam.d/ssh file, as it does
not use pam_pwdb (which in itself would cause problems). IOW, please have
that file in OpenSSH use the normal pam_unix.so modules, else it will cause
problems as well, and bug reports will be filed, and people won't use it :)

PWDB is old, and IMNSHO, obsolete. Its time has passed.

Ben
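
An added example, not part of the original mail or of any Debian package: a small Python check that scans the text of a PAM service file (such as the /etc/pam.d/ssh file mentioned above) for rules that still load pam_pwdb instead of pam_unix.so. The sample file contents and the function names are constructed for illustration.

```python
import re

# Constructed sample of an /etc/pam.d/ssh file (not taken from the mail).
SAMPLE = """\
# PAM configuration for the ssh service (constructed sample)
auth      required  pam_nologin.so
auth      required  pam_pwdb.so shadow nullok
account   [success=1 default=ignore] \\
          /lib/security/pam_pwdb.so
-session  optional  pam_unix.so
password  required  pam_unix.so nullok obscure min=4
"""

# One rule in a pam.d file: type, control, module, optional arguments.
LINE_RE = re.compile(
    r"^(?P<type>-?\w+)\s+"              # auth/account/session/password
    r"(?P<control>\[[^\]]*\]|\S+)\s+"   # required, sufficient, or [k=v ...]
    r"(?P<module>\S+)"                  # module name or absolute path
    r"(?:\s+(?P<args>.*))?$"
)

def logical_lines(text):
    """Yield (first_line_no, line) with comments and '\\' continuations handled."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = no
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        line = (buf + raw).split("#", 1)[0].strip()
        if line:
            yield start, line
        buf, start = "", None

def find_pwdb(text):
    """Return [(line_no, type, module)] for every rule that loads pam_pwdb."""
    hits = []
    for no, line in logical_lines(text):
        m = LINE_RE.match(line)
        if not m:
            continue  # e.g. Debian '@include' lines, which are not module rules
        module = m.group("module").rsplit("/", 1)[-1]
        if module.startswith("pam_pwdb"):
            hits.append((no, m.group("type").lstrip("-"), module))
    return hits

if __name__ == "__main__":
    for no, rule_type, module in find_pwdb(SAMPLE):
        print(f"line {no}: {rule_type} rule loads {module}; use pam_unix.so")
```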

