Re: LDAP authentication with PAM

To: Ethan Benson <erbenson@alaska.net>
Cc: <debian-devel@lists.debian.org>
Subject: Re: LDAP authentication with PAM
From: Steve Langasek <vorlon@netexpress.net>
Date: Thu, 12 Apr 2001 10:34:47 -0500 (CDT)
Message-id: <[🔎] Pine.LNX.4.30.0104120953001.25223-100000@tennyson.netexpress.net>
In-reply-to: <[🔎] 20010412034251.W2127@plato.local.lan>

On Thu, 12 Apr 2001, Ethan Benson wrote:

> On Thu, Apr 12, 2001 at 01:24:56PM +0200, Wichert Akkerman wrote:

> > You can also remove files so PAM will fall back to using /etc/pam.d/other
> > which you can fill with standard settings.

> wouldn't pam_stack be a better option then that?  or does pam_stack
> suck?

<tries to find a way to dance around the issue, then gives up>

Yes, pam_stack sucks.  It can never work as well as providing reasonable
defaults in /etc/pam.d/other, because there's no way to allow passing of
information between the two stacks, except to the extent that pam_stack itself
allows.  It makes it much more difficult to follow the stack flow, especially
for those not overly familiar with PAM.  It's not particularly labor-saving,
because there are now two config files to keep track of for every service,
even those services which don't deviate at all from the default settings.

Honestly I think pam_stack is a neat concept, and I can see where it would
come in handy.  But using it for all of your services when PAM already has a
mechanism that will get you the same results with less overhead seems silly
to me.

Steve Langasek
postmodern programmer

Reply to:

References:
- Re: LDAP authentication with PAM
  - From: Ethan Benson <erbenson@alaska.net>

Prev by Date: Re: LDAP authentication with PAM
Next by Date: Re: sensible-browser and sensible-image-viewer
Previous by thread: Re: LDAP authentication with PAM
Next by thread: Re: LDAP authentication with PAM
Index(es):
- Date
- Thread