Date: Thu, 22 Jul 1999 23:34:35 +0930 (CST) From: Kris Kennaway <kkenn@rebel.net.au> To: Oscar Bonilla <obonilla@fisicc-ufm.edu> Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: PAM & LDAP in FreeBSD Message-ID: <Pine.BSF.4.10.9907222328460.42616-100000@morden.rebel.net.au> In-Reply-To: <19990721094711.C1520@fisicc-ufm.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 21 Jul 1999, Oscar Bonilla wrote: > Ok, here goes my understanding of how things should be, please correct me > if i'm wrong. > > There are three parts to the problem: > > 1. Where do we get the databases from? I mean, where do we get passwd, group, > hosts, ethers, etc from. > > This should be handled by a name service switch a la solaris. Basically > we want to be able to tell the system for each individual database where > to get the stuff from. We can add entries for each database in the system. > > 2. How to authorize the user? I mean, what sort of authentication should we > use to decide if the user should be allowed in. > > This should be handled by PAM. PAM also does other functions; session management, password management, etc. > > 3. What password hash should we use when we have the username and the > password hash? > > This should be handled by the new modularized crypt. > > Do we want to be able to tell the system where to get its pam.conf and > login.conf from? This would mean having a pam.conf and login.conf entry > in nsswitch.conf. Hmm. I don't know that this much would be useful. > Can we make a list of stuff that needs to be done to make this possible? > Something like a tasklist would be good. > > a) design and implement a name service switch. > b) make libc aware of the name service switch. > c) ??? I think we should look at what NetBSD is doing and join with their efforts. There's no sense in reinventing the wheel. I'm just running my libcrypt through a make world to make sure it's okay - once it's done I'll post the new source code snapshot for comment and testing. Kris > -Oscar > > -- > For PGP Public Key: finger obonilla@fisicc-ufm.edu > ------------------------------------------------------------------------------ The Feynman Problem-Solving Algorithm: (1) Write down the problem (2) Think real hard (3) Write down the answer ------------------------------------------------------------------------------ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.9907222328460.42616-100000>