From owner-freebsd-hackers Tue Jul 20 13:44:56 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from voyager.fisicc-ufm.edu (pm2a-s37.guate.net [200.12.57.176])
    by hub.freebsd.org (Postfix) with ESMTP id E053415422
    for ; Tue, 20 Jul 1999 13:44:35 -0700 (PDT)
    (envelope-from obonilla@voyager.fisicc-ufm.edu)
Received: (from obonilla@localhost)
    by voyager.fisicc-ufm.edu (8.9.3/8.9.3) id OAA00809;
    Tue, 20 Jul 1999 14:42:18 -0600 (CST)
    (envelope-from obonilla)
Date: Tue, 20 Jul 1999 14:42:17 -0600
From: Oscar Bonilla
To: Kris Kennaway
Cc: "David E. Cross" , Oscar Bonilla , Joe Abley , Wes Peters , Mike Smith , Dag-Erling Smorgrav , freebsd-hackers@FreeBSD.ORG
Subject: Re: PAM & LDAP in FreeBSD
Message-ID: <19990720144217.A426@fisicc-ufm.edu>
References: <199907201520.LAA29350@cs.rpi.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.6i
In-Reply-To: ; from Kris Kennaway on Wed, Jul 21, 1999 at 01:46:56AM +0930
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> It looks like we've got some good concurrent projects happening at the
> moment - markm and co working on PAM, the nsswitch.conf project you're
> talking about, and the stuff I'm working on with modularizing crypt() and
> supporting per-login class password hashes (I've rewritten the library
> since I last posted about it and expect to have my code cleaned up by
> tomorrow night for another snapshot).
>
> The thing to make sure is that we don't tread on each other's toes, and
> basically that we look for the big picture and how all these projects fit
> together.
>

Ok, this is my understanding of the thing:

There are two parts to the problem, first we need a way to tell the system
where to get its information from (call them databases, tables or whatever).
This should be done a la solaris, with /etc/nsswitch.conf telling if this
is to be fetched from "files, ldap, nis, dns, etc".

We need to recode all the programs that obtain this info directly from files
to get it from a library (this would be nsd). And then code the library itself
to get the info from /etc/nsswitch.conf

Second, we need a way to authenticate the user... this is what PAM does.
What would need to be done is change the pam modules to make them nsd aware
(i.e. where should I get the passwd from?) or make them /etc/auth.conf aware?

this is the confusing part... where does crypt fit into this? crypt would get
what from /etc/login.conf?

regards,
-Oscar

--
For PGP Public Key: finger obonilla@fisicc-ufm.edu

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
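The lookup order that the message above proposes for /etc/nsswitch.conf, as an added C example that is not part of the original message or of any FreeBSD code: a library call reads the `database: source ...` line and asks each source in turn. The Solaris-style line syntax, the names `ns_lookup`, `backends` and `SAMPLE_CONF`, and the in-memory user tables are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample data: each backend is an in-memory list of login names. */
static const char *files_users[] = { "root", "obonilla", NULL };
static const char *ldap_users[]  = { "obonilla", "kris", NULL };
struct backend { const char *name; const char **users; };
static const struct backend backends[] = {
    { "files", files_users }, { "ldap", ldap_users }, { NULL, NULL }
};
static const char SAMPLE_CONF[] =          /* constructed, Solaris-style syntax */
    "# database: sources, tried left to right\n"
    "passwd: files ldap\n"
    "hosts:  files dns\n";

static const struct backend *find_backend(const char *s, size_t n) {
    for (const struct backend *b = backends; b->name; b++)
        if (strlen(b->name) == n && strncmp(b->name, s, n) == 0) return b;
    return NULL;                            /* unknown source names are skipped */
}
static int has_user(const struct backend *b, const char *user) {
    for (const char **u = b->users; *u; u++)
        if (strcmp(*u, user) == 0) return 1;
    return 0;
}
/* Resolve `user` in database `db`; returns the name of the first configured
 * source that knows the user, or NULL when none does. */
const char *ns_lookup(const char *conf, const char *db, const char *user) {
    size_t dblen = strlen(db);
    for (const char *p = conf; *p; ) {
        const char *end = p + strcspn(p, "#\n");    /* comment or end of line */
        const char *s = p + strspn(p, " \t");
        p += strcspn(p, "\n");
        if (*p == '\n') p++;                        /* p now at the next line */
        if ((size_t)(end - s) <= dblen || strncmp(s, db, dblen) != 0 || s[dblen] != ':')
            continue;
        for (s += dblen + 1; s < end; ) {           /* walk sources in order */
            s += strspn(s, " \t");
            size_t n = strcspn(s, " \t#\n");
            const struct backend *b = find_backend(s, n);
            if (b && has_user(b, user)) return b->name;
            s += n;
        }
        return NULL;        /* database configured, no source knew the user */
    }
    return NULL;            /* database not configured: fail closed */
}
int main(void) {
    const char *src = ns_lookup(SAMPLE_CONF, "passwd", "obonilla");
    printf("obonilla resolved via %s\n", src ? src : "(none)");
    return 0;
}
```

Because the first source that answers wins, the order of sources on the `passwd:` line decides which store's entry a PAM module would end up checking for a user that exists in more than one of them.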