Date: Thu, 22 Jul 1999 17:17:01 +0700 (NSS) From: Max Khon <fjoe@iclub.nsu.ru> To: Oscar Bonilla <obonilla@fisicc-ufm.edu> Cc: Kris Kennaway <kkenn@rebel.net.au>, "David E. Cross" <crossd@cs.rpi.edu>, Joe Abley <jabley@patho.gen.nz>, Wes Peters <wes@softweyr.com>, Mike Smith <mike@smith.net.au>, Dag-Erling Smorgrav <des@flood.ping.uio.no>, freebsd-hackers@FreeBSD.ORG Subject: Re: PAM & LDAP in FreeBSD Message-ID: <Pine.BSF.4.05.9907221714560.67316-100000@iclub.nsu.ru> In-Reply-To: <19990720144217.A426@fisicc-ufm.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
hi, there! On Tue, 20 Jul 1999, Oscar Bonilla wrote: > > It looks like we've got some good concurrent projects happening at the > > moment - markm and co working on PAM, the nsswitch.conf project you're > > talking about, and the stuff I'm working on with modularizing crypt() and > > supporting per-login class password hashes (I've rewritten the library > > since I last posted about it and expect to have my code cleaned up by > > tomorrow night for another snapshot). > > > > The thing to make sure is that we don't tread on each other's toes, and > > basically that we look for the big picture and how all these projects fit > > together. > > > > Ok, this is my understanding of the thing: > > There are two parts to the problem, first we need a way to tell the > system where to get its information from (call them databases, tables > or whatever). This should be done a la solaris, with > /etc/nsswitch.conf telling if this is to be fetched from "files, ldap, > nis, dns, etc". > > We need to recode all the programs that obtain this info directly from > files to get it from a library (this would be nsd). And then code the > library itself to get the info from /etc/nsswitch.conf You misunderstand the main goal of NSS -- you need not recode anything -- NSS substitutes getxxxbyzzz libc functions > Second, we need a way to authenticate the user... this is what PAM does. > What would need to be done is change the pam modules to make them > nsd aware (i.e. where should I get the passwd from?) or make them > /etc/auth.conf aware? this is the confusing part... > > where does crypt fit into this? crypt would get what from /etc/login.conf? go to http://www.padl.com and read about LDAP + NSS and PAM deployment schemes /fjoe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.9907221714560.67316-100000>