Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 12 May 2009 13:51:58 +0200
From:      Daniel Bond <db@danielbond.org>
To:        freebsd-stable@freebsd.org
Cc:        des@des.no, "O. Hartmann" <ohartman@mail.zedat.fu-berlin.de>, Steve Polyack <korvus@comcast.net>
Subject:   Re: PAM completeness and standardization  [PR:bin/71290]
Message-ID:  <F24A533C-C88F-4BB1-B91B-EF303D095E29@danielbond.org>
In-Reply-To: <49E8D18C.4070603@comcast.net>
References:  <34B37CEC-AF7A-48EE-81F5-7B19291F99EF@danielbond.org> <49E8D18C.4070603@comcast.net>

next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--Apple-Mail-11--318569631
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
Content-Transfer-Encoding: 7bit

Hi Steve and Oliver,

thanks for your replies. Sorry it has taken me some time to reply. I'm  
willing to put in some time into this issue too, maybe we could do a  
joint effort on this?

The problem report with the most information in is http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/71290 
  - DES has some good reasons, for why the patch has not been included  
in FreeBSD.

Here are some of my viewpoints about the comments in the ticket.

- I think it is really important we preserve all command-line options,  
and do not break any existing functionality what so ever.
- I also think exposing PAM code for changing passwords is a good  
thing. Either we want PAM support in FreeBSD, or we don't. If we do,  
we need to support the PAM core features - exposing this code is  
necessary, and the code needs to be polished accordingly.
- The documentation changes is nice to have, let's think about this  
when we are happy with the other stuff.


I have a NetBSD 5.0 installation on my private server, I'll start  
looking at how they have implemented PAM.


Any comments? Pointers to code that would need cleanup? Anything we  
need to be extra careful with?


Best regards,

Daniel.

--
GPG public key: EDE9C925

On Apr 17, 2009, at 8:59 PM, Steve Polyack wrote:

> Daniel Bond wrote:
>> FreeBSD has excellent PAM-support, except for the passwd-command.  
>> The passwd-command gained PAM support quite a while ago, but there  
>> is a test preventing it from working with PAM.
>> There have been outstanding PR's for this minor issue for years  
>> now, I think it's time this one got fixed. People find it  
>> frustrating that they can't change their passwords (LDAP etc), like  
>> they can in a normal PAM-based system.
>>
>>
>> I'd be happy to fix whatever needs to be done, but I need to know  
>> why it's not been fixed / what needs to be done for it to be  
>> accepted by the community.
>
> I've looked at this recently and came to a roadblock after  
> sufficiently modifying passwd code (removing the test and an  
> additional few lines) as well as including the proper lines in /etc/ 
> pam.d/sshd.  I can't recally the exact problem I had.  I will  
> probably give this another go in the future, so I am willing to put  
> in some time on this issue.
>
> Anyways, I don't have a reason for you as to why it hasn't been  
> fixed or accepted yet.  It is a long-standing issue from what I  
> understand.
>


--Apple-Mail-11--318569631
content-type: application/pgp-signature; x-mac-type=70674453;
	name=PGP.sig
content-description: This is a digitally signed message part
content-disposition: inline; filename=PGP.sig
content-transfer-encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.11 (Darwin)

iEYEARECAAYFAkoJYuQACgkQF4Ca8+3pySWClQCgm1lXy3ag5P9bGssztKc4ahMJ
gb0AoJIqXnzx0+0bf1zxExT+/lr+GPDo
=C7AN
-----END PGP SIGNATURE-----

--Apple-Mail-11--318569631--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?F24A533C-C88F-4BB1-B91B-EF303D095E29>