Date: Tue, 20 Jul 1999 14:42:17 -0600 From: Oscar Bonilla <obonilla@fisicc-ufm.edu> To: Kris Kennaway <kkenn@rebel.net.au> Cc: "David E. Cross" <crossd@cs.rpi.edu>, Oscar Bonilla <obonilla@fisicc-ufm.edu>, Joe Abley <jabley@patho.gen.nz>, Wes Peters <wes@softweyr.com>, Mike Smith <mike@smith.net.au>, Dag-Erling Smorgrav <des@flood.ping.uio.no>, freebsd-hackers@FreeBSD.ORG Subject: Re: PAM & LDAP in FreeBSD Message-ID: <19990720144217.A426@fisicc-ufm.edu> In-Reply-To: <Pine.BSF.4.10.9907210141030.41996-100000@morden.rebel.net.au>; from Kris Kennaway on Wed, Jul 21, 1999 at 01:46:56AM %2B0930 References: <199907201520.LAA29350@cs.rpi.edu> <Pine.BSF.4.10.9907210141030.41996-100000@morden.rebel.net.au>
next in thread | previous in thread | raw e-mail | index | archive | help
> It looks like we've got some good concurrent projects happening at the > moment - markm and co working on PAM, the nsswitch.conf project you're > talking about, and the stuff I'm working on with modularizing crypt() and > supporting per-login class password hashes (I've rewritten the library > since I last posted about it and expect to have my code cleaned up by > tomorrow night for another snapshot). > > The thing to make sure is that we don't tread on each other's toes, and > basically that we look for the big picture and how all these projects fit > together. > Ok, this is my understanding of the thing: There are two parts to the problem, first we need a way to tell the system where to get its information from (call them databases, tables or whatever). This should be done a la solaris, with /etc/nsswitch.conf telling if this is to be fetched from "files, ldap, nis, dns, etc". We need to recode all the programs that obtain this info directly from files to get it from a library (this would be nsd). And then code the library itself to get the info from /etc/nsswitch.conf Second, we need a way to authenticate the user... this is what PAM does. What would need to be done is change the pam modules to make them nsd aware (i.e. where should I get the passwd from?) or make them /etc/auth.conf aware? this is the confusing part... where does crypt fit into this? crypt would get what from /etc/login.conf? regards, -Oscar -- For PGP Public Key: finger obonilla@fisicc-ufm.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990720144217.A426>