Subject: Re: integrating PAM
To: Jason R Thorpe <firstname.lastname@example.org>
From: Manuel Bouyer <email@example.com>
Date: 01/23/2003 22:43:34
On Thu, Jan 23, 2003 at 01:38:41PM -0800, Jason R Thorpe wrote:
> On Thu, Jan 23, 2003 at 10:28:54PM +0100, Manuel Bouyer wrote:
> > There's something I don't understand. Why can't we just add pam and bsdauth
> > to the current nsswitch implementation ?
> > I.e.allows
> > passwd: pam
> > group: pam
> > or
> > passwd: bsdauth
> > group: bsdauth
> > in /etc/nsswitch.conf
> Well... this brings us to an interesting issue of semantics.
> Let's think about a site which has NIS in use. The user entries come
> from "files" or "nis". But what you really want for authentication in
> these cases is "unix" (i.e. the standard unix password authentication
> scheme)... or maybe "krb5" ...
> The authentication data for the user is switched via PAM, but the actual
> user information (login name, user ID, etc.) is switched via NSS.
Oh, yes, nsswitch doesn't change the authentification method, it's always
the old "compare the crypted strings" way.
I mixed the 2 concepts, sorry
Manuel Bouyer <firstname.lastname@example.org>
NetBSD: 24 ans d'experience feront toujours la difference