Re: BSD Auth

To: markucz%gmail.com@localhost
Subject: Re: BSD Auth
From: "Greg A. Woods; Planix, Inc." <woods%planix.ca@localhost>
Date: Mon, 18 Aug 2008 14:12:10 -0400

On 18-Aug-08, at 7:50 AM, markucz%gmail.com@localhost wrote:

Straight to the point: is there a way to use BSD Auth with NetBSD?

One can try porting the BSD Auth code from OpenBSD. I have not yettried that myself.

In 4.0 one
can't do without PAM.

Perhaps not without building yourself from source.  :-)

However I seem to be doing fine without PAM in my netbsd-4 systems.

I use the following settings in my mk.conf (plus there should be somechanges to some makefiles and to the sets lists, but I haven't gotaround to them yet):

        MKPAM =         no
        USE_PAM =       no

I've lived happily without it so far. I don't mind
having it in base, I'm just curious whether it's possible to replaceitsfunctionality by BSD Auth. I managed to find some code written in2003 [1],and now I'm examining it to see what can be done with it and if itcan be
somehow integrated alongside with PAM.

I'm not sure it would make sense to have them integrated together intothe same system. In my estimation they can't really both be there inthe same build (certainly not for anyone who wants the full andguaranteed privilege separation offered by BSD Auth), and with acompile-time option the non-default one is sure to bitrot. Previousdiscussions resulted in nothing really and PAM was blasted into thetree without taking into account any technical considerations. Lameexcuses were given that somehow BSD Auth could be implemented as a PAMmodule after PAM was fully integrated, but of course that blows one ofthe main benefits of BSD Auth right out of the picture (trueguaranteed privilege separation).

Personally I think since OpenPAM is already well supported as a stand-alone project it should be they who provide an optional patch to applyto NetBSD for those system integrators who wish to offer PAM insteadof BSD Auth. :-)

--
                                        Greg A. Woods; Planix, Inc.
                                        <woods%planix.ca@localhost>

Follow-Ups:
- Re: BSD Auth
  - From: SODA Noriyuki

References:
- ar "zero" flag
  - From: Perry E. Metzger
- Re: ar "zero" flag
  - From: Jason Thorpe
- Re: ar "zero" flag
  - From: Greg A. Woods; Planix, Inc.
- Re: ar "zero" flag
  - From: Jason Thorpe
- Re: fully supporting static lining in NetBSD (ar "zero" flag)
  - From: Greg A. Woods; Planix, Inc.
- Re: fully supporting static lining in NetBSD (ar "zero" flag)
  - From: Jason Thorpe
- Re: fully supporting static linking in NetBSD (ar "zero" flag)
  - From: Greg A. Woods; Planix, Inc.
- Re: fully supporting static linking in NetBSD (ar "zero" flag)
  - From: David Holland
- Re: fully supporting static linking in NetBSD (ar "zero" flag)
  - From: Greg A. Woods; Planix, Inc.
- Re: BSD Auth (was: fully supporting static linking in NetBSD (ar "zero" flag))
  - From: markucz

Prev by Date: Re: BSD Auth (was: fully supporting static linking in NetBSD (ar "zero" flag))
Next by Date: Re: Stop shipping static libraries for NetBSD
Previous by Thread: Re: BSD Auth (was: fully supporting static linking in NetBSD (ar "zero" flag))
Next by Thread: Re: BSD Auth
Indexes:

Home | Main Index | Thread Index | Old Index