Subject: Re: integrating PAM
To: Jason R Thorpe <thorpej@wasabisystems.com>
From: Manuel Bouyer <bouyer@antioche.eu.org>
List: current-users
Date: 01/23/2003 22:43:34
On Thu, Jan 23, 2003 at 01:38:41PM -0800, Jason R Thorpe wrote:
> On Thu, Jan 23, 2003 at 10:28:54PM +0100, Manuel Bouyer wrote:
>
> > There's something I don't understand. Why can't we just add pam and bsdauth
> > to the current nsswitch implementation?
> > I.e. allow
> > passwd: pam
> > group: pam
> > or
> > passwd: bsdauth
> > group: bsdauth
> > in /etc/nsswitch.conf
>
> Well... this brings us to an interesting issue of semantics.
>
> Let's think about a site which has NIS in use. The user entries come
> from "files" or "nis". But what you really want for authentication in
> these cases is "unix" (i.e. the standard unix password authentication
> scheme)... or maybe "krb5" ...
>
> The authentication data for the user is switched via PAM, but the actual
> user information (login name, user ID, etc.) is switched via NSS.

Oh, yes, nsswitch doesn't change the authentication method, it's always
the old "compare the crypted strings" way.
I mixed the 2 concepts, sorry.
--
Manuel Bouyer <bouyer@antioche.eu.org>
NetBSD: 24 years of experience will always make the difference