Date:      Thu, 22 Jul 1999 23:34:35 +0930 (CST)
From:      Kris Kennaway <kkenn@rebel.net.au>
To:        Oscar Bonilla <obonilla@fisicc-ufm.edu>
Cc:        freebsd-hackers@FreeBSD.ORG
Subject:   Re: PAM & LDAP in FreeBSD
Message-ID:  <Pine.BSF.4.10.9907222328460.42616-100000@morden.rebel.net.au>
In-Reply-To: <19990721094711.C1520@fisicc-ufm.edu>

On Wed, 21 Jul 1999, Oscar Bonilla wrote:

> Ok, here goes my understanding of how things should be, please correct me
> if I'm wrong.
> 
> There are three parts to the problem: 
> 
> 1. Where do we get the databases from? I mean, where do we get passwd, group,
>    hosts, ethers, etc from.
> 
>    This should be handled by a name service switch a la Solaris. Basically
>    we want to be able to tell the system for each individual database where
>    to get the stuff from. We can add entries for each database in the system.
> 
> 2. How to authorize the user? I mean, what sort of authentication should we
>    use to decide if the user should be allowed in. 
> 
>    This should be handled by PAM.

PAM also does other functions: session management, password management,
etc.

> 
> 3. What password hash should we use when we have the username and the
>    password hash?
> 
>    This should be handled by the new modularized crypt.
> 
> Do we want to be able to tell the system where to get its pam.conf and
> login.conf from? This would mean having a pam.conf and login.conf entry
> in nsswitch.conf.

Hmm. I don't know that this much would be useful.

> Can we make a list of stuff that needs to be done to make this possible?
> Something like a tasklist would be good.
> 
> a) design and implement a name service switch.
> b) make libc aware of the name service switch.
> c) ???

I think we should look at what NetBSD is doing and join with their
efforts. There's no sense in reinventing the wheel.

I'm just running my libcrypt through a make world to make sure it's okay -
once it's done I'll post the new source code snapshot for comment and
testing.

Kris

> -Oscar
> 
> -- 
> For PGP Public Key: finger obonilla@fisicc-ufm.edu
> 

------------------------------------------------------------------------------
                  The Feynman Problem-Solving Algorithm:
                        (1) Write down the problem
                        (2) Think real hard
                        (3) Write down the answer
------------------------------------------------------------------------------


