Subject: Re: integrating PAM
To: Ken Hornstein <firstname.lastname@example.org>
From: Greywolf <email@example.com>
Date: 01/23/2003 10:39:19
On Thu, 23 Jan 2003, Ken Hornstein wrote:
[KH: So, what exactly was the back-end authentication system that PAM was
[KH: using in this case? I mean, I'm not saying PAM is perfect, but it's
[KH: really just a shim to some other kind of authentication system. I have
[KH: a hard time believing, for example, a PAM module that implemented
[KH: the traditional Unix /etc/passwd authentication would really impact
[KH: performace at all. And if it was something like LDAP ... is it PAM
[KH: that was at fault, or LDAP?
If PAM can be implemented as a shim, or it can just have a pass-thru-and-
don't-call-any-pam-layering kind of deal, that would be the way to go.
I.e. without it being a PITA, it would be *so* nice to have the options of
credauth(USER, username) -> pam.auth[USER](username) ->
BSD_authmod(username) -> getpwnam(user)
credauth(USER, username) -> getpwnam(user)
NetBSD: The free OS with a money back guarantee!