Subject: PAM
To: NetBSD current users mailing list <current-users@netbsd.org>
From: David Ferlier <david@netbsd-fr.org>
List: current-users
Date: 03/10/2003 05:30:05
Hi all,
It's been two nights i have been working on PAM integration in NetBSD, and i
wanted to have some inputs about the work i did.
Basically, i started off from OpenPAM that is included in FreeBSD, because it
was just looking better than Linux-PAM (the license was a plus too ;)
As i have no NetBSD account, i created a new NetBSD CVS repository, starting
from 1.6P, that is accessible at happy-hacking.homeunix.org
(CVSROOT: ":pserver:anoncvs@happy-hacking.homeunix.org:/pub/cvs") .
There's a CVSweb interface at:
http://happy-hacking.homeunix.org/cvs
There's read-only anoncvs access (login: anoncvs, password: access).
Now, on the code side.
I added src/lib/libpam; inside there are libpam (the code for the library),
modules (the PAM modules), and include. The whole PAM library compiles fine,
with some mandatory tweaks (notably openpam_dynamic.c and others).
I added openpam_modules_paths.h, that contains an array of paths that PAM can
use to dlopen() modules. It basically contains "/usr/lib/security" and
"/usr/pkg/lib/security", but we can easily change them. This way, PAM won't be
able to load modules in /usr/lib or /usr/pkg/lib. That's a point i'd like to
have input on ;)
I removed some modules that have nothing to do in the base tree of PAM,
pam_radius for example.
I reworked pam_unix to make it work with nis password changing and other things.
I added src/etc/pam.d where live all the PAM policys (a make install installs
them in /etc/pam.d, and i added a file openpam_policy_paths.h (included from
openpam_configure.c) that lists paths allowed for policy files, basically
/usr/pkg/etc/pam.d and /etc/pam.d)
For applications that use PAM: i worked on the following applications, for now:
- login
- su
- ftpd
All of them work fine with PAM now.
I have also code for telnetd and sshd, but i didn't test it though.
pam_bsdauth is also on my todo-list 8-)
David
--
David Ferlier -- david@netbsd-fr.org
http://happy-hacking.homeunix.org (IPV4) ||
http://cobaye.segfault.quatriemek.com (IPV6)