Re: NSS and PAM - What's the relation?
> On 10/5/06, Grok Mogger <email@example.com> wrote:
> >Just what the title says. What is the relation between NSS and PAM?
> >I understand that NSS basically tells C libraries where to get information.
> >What's confusing is that two of the entries in the nsswitch.conf file are
> >"passwd" and "shadow". Are these entries for programs that don't use PAM,
> >but instead have their own internal authentication mechanisms written in C?
they are used by libc functions getpwnam() and getspnam() (with their
On 05.10.06 01:08, Wim De Smet wrote:
> This is how I understand it: nsswitch configures where the databases
> with the given information are. (such as the 'passwd' database) PAM
> only provides authentication and, to some extent, user session setup.
> These databases however contain other information that programs can
> need, such as the groups, the uid, etc.
that is already handled by libc get** functions who use nsswitch.conf.
> So while PAM can authenticate
> against the same database, it is not closely related to nsswitch.
> pam_unix probably uses nsswitch to find out where it can find the
> information it needs though.
I doubt so. nsswitch only authentize user (get his informations from
databases according to his uid/logname) and pam_* authorize user (allow/deny
acecss) and set his session parameters (variables etc)
pam_unix just uses standard unix way to authentize user - calls getpwnam and
getspnam functions to decide if allow the user.
Matus UHLAR - fantomas, firstname.lastname@example.org ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Fucking windows! Bring Bill Gates! (Southpark the movie)