Date: Wed, 21 Jul 1999 01:46:56 +0930 (CST) From: Kris Kennaway <kkenn@rebel.net.au> To: "David E. Cross" <crossd@cs.rpi.edu> Cc: Oscar Bonilla <obonilla@fisicc-ufm.edu>, Joe Abley <jabley@patho.gen.nz>, Wes Peters <wes@softweyr.com>, Mike Smith <mike@smith.net.au>, Dag-Erling Smorgrav <des@flood.ping.uio.no>, freebsd-hackers@FreeBSD.ORG Subject: Re: PAM & LDAP in FreeBSD Message-ID: <Pine.BSF.4.10.9907210141030.41996-100000@morden.rebel.net.au> In-Reply-To: <199907201520.LAA29350@cs.rpi.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 20 Jul 1999, David E. Cross wrote: > > Couldn't we do this with /etc/auth.conf? What's the real purpose of this > > file? From the man page: "auth.conf contains various attributes important to > > the authentication code, most notably kerberos(5) for the time being." > > Isn't this what PAM is about? authentication? or does auth.conf cover the > > "other" part of authentication, basically the getpw* stuff? > > This is bigger than just authentication. This is about the various databases > that the machine needs to keep in touch with.. hosts, passwd, ethers, services, > protocols, group, etc... For example using auth.conf how would one [cleanly] > instruct the system that for group information it should use NIS, for hosts, > DNS, and for passwords NIS (for the passwd entry) and Kerberos (for the > password). What you would have when you are done would be very similar to > 'nsswitch.conf'. With the exception that even nsswitch.conf cannot do > everything, you still need auth.conf (shouldn't this really be pam.conf?) to > tell the system to use kerberos (or whatever) to authenticate the user. It looks like we've got some good concurrent projects happening at the moment - markm and co working on PAM, the nsswitch.conf project you're talking about, and the stuff I'm working on with modularizing crypt() and supporting per-login class password hashes (I've rewritten the library since I last posted about it and expect to have my code cleaned up by tomorrow night for another snapshot). The thing to make sure is that we don't tread on each other's toes, and basically that we look for the big picture and how all these projects fit together. Kris > -- > David Cross | email: crossd@cs.rpi.edu > Systems Administrator/Research Programmer | Web: http://www.cs.rpi.edu/~crossd > Rensselaer Polytechnic Institute, | Ph: 518.276.2860 > Department of Computer Science | Fax: 518.276.4033 > I speak only for myself. | WinNT:Linux::Linux:FreeBSD To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.9907210141030.41996-100000>