[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ifupdown writes to /etc... a bug?

* Brian May <bam@debian.org> [030331 01:05]:
> Agreed. You can get full day to day functionality without needing to
> write to /etc/{passwd,shadow}. Personally, my preference would be to use
> a shared LDAP server, but I guess it depends on your application...
> However, it isn't quite as simple as you make out.
> For instance, every /etc/pam.d/* pam module would have to be changed,
> not just the password change service.

Ok. I was not very verbose. All those programs need a changed
pam-config, that do want to change passwords. (What besides passwd
currently is able to so? login/?dm maybe to enforce password-aging
but I never heared of anyone using this).

> Also, programs like adduser/useradd/etc only support /etc/password,
> /etc/shadow, and /etc/group (AFAIK). So management of these entries
> becomes an issue.

In a perfect world theese should support nss or at least pam, too.
While passwd should support pam, useradd is queestionable. (adduser
is no addional problem as it just calls useradd and passwd to do the
Sadly playing with pam (expecially within such important programs) is
a nontrival task and nothing I'd hope to get it right myself.

  Bernhard R. Link

Sendmail is like emacs: A nice operating system, but missing
an editor and a MTA.

Reply to: