Subject: Re: "BSD Authentication"
To: None <seebs@plethora.net>
From: Todd Vierling <tv@pobox.com>
List: current-users
Date: 11/22/1998 20:37:29
On Sun, 22 Nov 1998 seebs@plethora.net wrote:
: >Pluggable Authentication Modules. Provides for a dlopen()ed set of
: >libraries that can allow authentication for user ID's via any mechanism
: >(/etc/passwd, YP, Kerberos, RSA, SQL, ...). The difference, from what I can
: >see of this minor discussion, is that PAM allows authentication for anything
: >from Web servers to interactive logins to POP3 servers. Its use is not
: >restricted to login(1).
:
: Anything that wanted to do authentication could use the libc hooks; for
: instance, on BSD/OS, you can set up radiusd to use any of the authentication
: methods, ftpd to use other ones, and so on...
I suppose I misunderstood somewhat - I was thinking that login_whatever(1)
was a program chosen by login(1) to be exec()d in its place. In that case,
it sounds as if these are servers for a particular type of database.
PAM is similar, but doesn't require communication with a server (or
"middleman server", in the case of things like YP or SQL or radius). The
code is run in the space of the process doing authentication, via a shlib.
--
-- Todd Vierling (Personal tv@pobox.com; Bus. todd_vierling@xn.xerox.com)