Date: Fri, 11 Jul 2008 15:01:50 +0200 From: Mel <fbsd.questions@rachie.is-a-geek.net> To: freebsd-questions@freebsd.org Cc: Tim Judd <tajudd@gmail.com>, members@mlug.missouri.edu, sgmayo@mail.bloomfield.k12.mo.us Subject: Re: Ldap NSS PAM Samba Message-ID: <200807111501.50971.fbsd.questions@rachie.is-a-geek.net> In-Reply-To: <4876A338.2010502@gmail.com> References: <2714.204.184.27.217.1215704516.squirrel@mail.bloomfield.k12.mo.us> <4876A338.2010502@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Friday 11 July 2008 02:03:04 Tim Judd wrote:
> I can't quote easily what the difference
> between NSS and PAM is
PAM is a module that abstracts authentication, it does not authenticate
itself, yet asks "providers" if the information passed to it is correct and
then relays this to the application or tries a different method if this is
allowed.
NSS is an abstraction of cryptographic protocols, applied to a network. In
this schema, it is a transport provider:
------- Application ------- ----- Network -----
/ \ / \
+---------------+ +-----+ +-----+ +---------------+
+ User/password | <---> | PAM | <---> | NSS | <---> | LDAP database +
+---------------+ +-----+ +-----+ +---------------+
\ /
\______Authentication______/
--
Mel
Problem with today's modular software: they start with the modules
and never get to the software part.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200807111501.50971.fbsd.questions>