Date: Thu, 22 Jul 1999 23:28:19 +0930 (CST) From: Kris Kennaway <kkenn@rebel.net.au> To: "Daniel C. Sobral" <dcs@newsguy.com> Cc: hackers@freebsd.org Subject: Re: PAM & LDAP in FreeBSD Message-ID: <Pine.BSF.4.10.9907222321000.42616-100000@morden.rebel.net.au> In-Reply-To: <3795EEB9.1A21EEA@newsguy.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 22 Jul 1999, Daniel C. Sobral wrote: > Oscar Bonilla wrote: > > > > There are three parts to the problem: > > > > 1. Where do we get the databases from? I mean, where do we get passwd, group, > > hosts, ethers, etc from. > > > > This should be handled by a name service switch a la solaris. Basically > > we want to be able to tell the system for each individual database where > > to get the stuff from. We can add entries for each database in the system. > > I perceive here an unfair biasing toward nss. Someone mentioned > defining where to get the passwords from based on the login class. Not quite, if you're talking about me - I use login.conf to tell passwd(1) what hash algorithm to use for new account passwords. login.conf isn't applicable for where to get passwords from; you need to already know the user name (and presumably the entire struct passwd) to know what login class they're in. What does make sense is to be able to configure where getpwent() and friends go to get the struct passwd in the first place; whether from /etc/[s]pwd.db, a LDAP server, etc. This could either be done by teaching getpwent() how to interface with more and more backends, or by a config file which (effectively) swaps between entirely different getpwent() functions (one which talks to spwd.db, one which talks LDAP, etc). This is the nsswitch.conf route. Kris > This is a very interesting option, that doesn't seem to be well > served by nss. > > -- > Daniel C. Sobral (8-DCS) > dcs@newsguy.com > dcs@freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.9907222321000.42616-100000>