Date: Thu, 22 Jul 1999 17:17:01 +0700 (NSS)
From: Max Khon
To: Oscar Bonilla
Cc: Kris Kennaway, "David E. Cross", Joe Abley, Wes Peters, Mike Smith, Dag-Erling Smorgrav, freebsd-hackers@FreeBSD.ORG
Subject: Re: PAM & LDAP in FreeBSD
In-Reply-To: <19990720144217.A426@fisicc-ufm.edu>

hi, there!

On Tue, 20 Jul 1999, Oscar Bonilla wrote:

> > It looks like we've got some good concurrent projects happening at the
> > moment - markm and co working on PAM, the nsswitch.conf project you're
> > talking about, and the stuff I'm working on with modularizing crypt() and
> > supporting per-login class password hashes (I've rewritten the library
> > since I last posted about it and expect to have my code cleaned up by
> > tomorrow night for another snapshot).
> >
> > The thing to make sure is that we don't tread on each other's toes, and
> > basically that we look for the big picture and how all these projects fit
> > together.
> >
>
> Ok, this is my understanding of the thing:
>
> There are two parts to the problem, first we need a way to tell the
> system where to get its information from (call them databases, tables
> or whatever). This should be done a la Solaris, with
> /etc/nsswitch.conf telling if this is to be fetched from "files, ldap,
> nis, dns, etc".
>
> We need to recode all the programs that obtain this info directly from
> files to get it from a library (this would be nsd). And then code the
> library itself to get the info from /etc/nsswitch.conf

You misunderstand the main goal of NSS -- you need not recode anything --
NSS substitutes getxxxbyzzz libc functions.

> Second, we need a way to authenticate the user... this is what PAM does.
> What would need to be done is change the pam modules to make them
> nsd aware (i.e. where should I get the passwd from?) or make them
> /etc/auth.conf aware? this is the confusing part...
>
> where does crypt fit into this? crypt would get what from /etc/login.conf?

go to http://www.padl.com and read about LDAP + NSS and PAM deployment
schemes

/fjoe
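
The point made in the reply above, sketched as an added example that is not part of the original message and is not libc or nsd code: the caller's lookup call stays the same, and the "passwd:" line of an nsswitch.conf-style file decides which sources are consulted and in what order. The function names, the simplified parsing and the two account tables are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample data: toy tables standing in for real NSS back ends. */
struct entry { const char *name; int uid; };
static const struct entry files_db[] = { {"root", 0}, {"fjoe", 1001} };
static const struct entry ldap_db[]  = { {"oscar", 2001}, {"fjoe", 3001} };
static const struct { const char *name; const struct entry *tab; size_t n; }
sources[] = { { "files", files_db, 2 }, { "ldap", ldap_db, 2 } };

/* Search one named source; returns the uid, or -1 if the source is
 * unknown or does not hold the user. */
static int source_lookup(const char *src, const char *user)
{
    for (size_t s = 0; s < sizeof sources / sizeof sources[0]; s++) {
        if (strcmp(sources[s].name, src) != 0)
            continue;
        for (size_t i = 0; i < sources[s].n; i++)
            if (strcmp(sources[s].tab[i].name, user) == 0)
                return sources[s].tab[i].uid;
    }
    return -1;
}

/* Model of the library side (hypothetical name): walk the sources on the
 * "passwd:" line in order and return the first answer. The caller never
 * learns which source replied. Parsing is simplified: first "passwd:"
 * match, no [STATUS=action] criteria. Returns -1 if nobody has the user. */
int model_getpwnam_uid(const char *conf, const char *user)
{
    char buf[256];
    const char *line = strstr(conf, "passwd:");
    if (line == NULL)
        return -1;
    line += strlen("passwd:");
    size_t len = strcspn(line, "\n#");      /* stop at end of line or comment */
    if (len >= sizeof buf)
        len = sizeof buf - 1;
    memcpy(buf, line, len);
    buf[len] = '\0';
    for (char *tok = strtok(buf, " \t"); tok; tok = strtok(NULL, " \t")) {
        int uid = source_lookup(tok, user);
        if (uid >= 0)
            return uid;
    }
    return -1;
}

int main(void)
{
    /* Same call, two configurations: source order decides which entry wins. */
    printf("%d\n", model_getpwnam_uid("passwd: files ldap\n", "fjoe"));
    printf("%d\n", model_getpwnam_uid("passwd: ldap files\n", "fjoe"));
    return 0;
}
```

Because the first source that answers wins, the order on the "passwd:" line also decides whether a local entry or a directory entry defines an account that exists in both.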