From owner-freebsd-hackers  Tue Jul 20  8:22:57 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from cs.rpi.edu (mumble.cs.rpi.edu [128.213.8.16])
	by hub.freebsd.org (Postfix) with ESMTP id 8C60A1531A
	for <freebsd-hackers@FreeBSD.ORG>; Tue, 20 Jul 1999 08:22:52 -0700 (PDT)
	(envelope-from crossd@cs.rpi.edu)
Received: from cs.rpi.edu (phoenix.cs.rpi.edu [128.113.96.153])
	by cs.rpi.edu (8.9.3/8.9.3) with ESMTP id LAA29350;
	Tue, 20 Jul 1999 11:20:08 -0400 (EDT)
Message-Id: <199907201520.LAA29350@cs.rpi.edu>
To: Oscar Bonilla <obonilla@fisicc-ufm.edu>
Cc: Joe Abley <jabley@patho.gen.nz>, Wes Peters <wes@softweyr.com>,
	Mike Smith <mike@smith.net.au>, "David E. Cross" <crossd@cs.rpi.edu>,
	Dag-Erling Smorgrav <des@flood.ping.uio.no>,
	freebsd-hackers@FreeBSD.ORG, crossd@cs.rpi.edu
Subject: Re: PAM & LDAP in FreeBSD 
In-Reply-To: Message from Oscar Bonilla <obonilla@fisicc-ufm.edu> 
   of "Tue, 20 Jul 1999 08:28:25 MDT." <19990720082825.B793@fisicc-ufm.edu> 
Date: Tue, 20 Jul 1999 11:20:02 -0400
From: "David E. Cross" <crossd@cs.rpi.edu>
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> Couldn't we do this with /etc/auth.conf? What's the real purpose of this
> file? From the man page: "auth.conf contains various attributes important to 
> the authentication code, most notably kerberos(5) for the time being."
> Isn't this what PAM is about? authentication? or does auth.conf cover the 
> "other" part of authentication, basically the getpw* stuff?

This is bigger than just authentication.  This is about the various databases
that the machine needs to keep in touch with.. hosts, passwd, ethers, services,
protocols, group, etc...   For example using auth.conf how would one [cleanly]
instruct the system that for group information it should use NIS, for hosts,
DNS, and for passwords NIS (for the passwd entry) and Kerberos (for the
password).  What you would have when you are done would be very similar to
'nsswitch.conf'.  With the exception that even nsswitch.conf cannot do
everything, you still need auth.conf (shouldn't this really be pam.conf?) to
tell the system to use kerberos (or whatever) to authenticate the user.


BTW: To clear up some possible misunderstanding from earlier, I am 100% 
in support of /etc/nsswitch.conf for FreeBSD.  My "FreeNSD" ;)  'nsd' server
would read /etc/nsswitch.conf for its configuration, just like the Irix
version does.

--
David Cross                               | email: crossd@cs.rpi.edu 
Systems Administrator/Research Programmer | Web: http://www.cs.rpi.edu/~crossd 
Rensselaer Polytechnic Institute,         | Ph: 518.276.2860            
Department of Computer Science            | Fax: 518.276.4033
I speak only for myself.                  | WinNT:Linux::Linux:FreeBSD


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message