[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: NSS and PAM - What's the relation?



> On 10/5/06, Grok Mogger <linuximp@gmail.com> wrote:
> >Just what the title says.  What is the relation between NSS and PAM?
> >
> >I understand that NSS basically tells C libraries where to get information.
> >What's confusing is that two of the entries in the nsswitch.conf file are
> >"passwd" and "shadow".  Are these entries for programs that don't use PAM,
> >but instead have their own internal authentication mechanisms written in C?

they are used by libc functions getpwnam() and getspnam() (with their
families)

On 05.10.06 01:08, Wim De Smet wrote:
> This is how I understand it: nsswitch configures where the databases
> with the given information are. (such as the 'passwd' database) PAM
> only provides authentication and, to some extent, user session setup.

yes.

> These databases however contain other information that programs can
> need, such as the groups, the uid, etc. 

that is already handled by libc get** functions who use nsswitch.conf.

> So while PAM can authenticate
> against the same database, it is not closely related to nsswitch.
> pam_unix probably uses nsswitch to find out where it can find the
> information it needs though.

I doubt so. nsswitch only authentize user (get his informations from
databases according to his uid/logname) and pam_* authorize user (allow/deny
acecss) and set his session parameters (variables etc)

pam_unix just uses standard unix way to authentize user - calls getpwnam and
getspnam functions to decide if allow the user.
-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Fucking windows! Bring Bill Gates! (Southpark the movie)



Reply to: