current-users: Re: integrating PAM

Subject: Re: integrating PAM
To: Manuel Bouyer <bouyer@antioche.eu.org>
From: Jason R Thorpe <thorpej@wasabisystems.com>
List: current-users
Date: 01/23/2003 13:38:41

On Thu, Jan 23, 2003 at 10:28:54PM +0100, Manuel Bouyer wrote:

 > There's something I don't understand. Why can't we just add pam and bsdauth
 > to the current nsswitch implementation ?
 > I.e.allows
 > passwd: pam
 > group: pam
 > or
 > passwd: bsdauth
 > group: bsdauth
 > in /etc/nsswitch.conf

Well... this brings us to an interesting issue of semantics.

Let's think about a site which has NIS in use.  The user entries come
from "files" or "nis".  But what you really want for authentication in
these cases is "unix" (i.e. the standard unix password authentication
scheme)... or maybe "krb5" ...

The authentication data for the user is switched via PAM, but the actual
user information (login name, user ID, etc.) is switched via NSS.

-- 
        -- Jason R. Thorpe <thorpej@wasabisystems.com>