From owner-freebsd-hackers Tue Jul 20 7:32: 4 1999 Delivered-To: freebsd-hackers@freebsd.org Received: from voyager.fisicc-ufm.edu (ip-46-094.guate.net [200.12.46.94]) by hub.freebsd.org (Postfix) with ESMTP id 46F8F15187 for ; Tue, 20 Jul 1999 07:31:41 -0700 (PDT) (envelope-from obonilla@voyager.fisicc-ufm.edu) Received: (from obonilla@localhost) by voyager.fisicc-ufm.edu (8.9.3/8.9.3) id IAA00827; Tue, 20 Jul 1999 08:28:25 -0600 (CST) (envelope-from obonilla) Date: Tue, 20 Jul 1999 08:28:25 -0600 From: Oscar Bonilla To: Joe Abley Cc: Oscar Bonilla , Wes Peters , Mike Smith , "David E. Cross" , Dag-Erling Smorgrav , freebsd-hackers@FreeBSD.ORG Subject: Re: PAM & LDAP in FreeBSD Message-ID: <19990720082825.B793@fisicc-ufm.edu> References: <199907192111.OAA01326@dingo.cdrom.com> <3793ABE0.15090E38@softweyr.com> <19990719180026.A830@fisicc-ufm.edu> <19990720225929.A9510@patho.gen.nz> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.6i In-Reply-To: <19990720225929.A9510@patho.gen.nz>; from Joe Abley on Tue, Jul 20, 1999 at 10:59:30PM +1200 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Tue, Jul 20, 1999 at 10:59:30PM +1200, Joe Abley wrote: > On Mon, Jul 19, 1999 at 06:00:26PM -0600, Oscar Bonilla wrote: > > I agree. In solaris (and linux by the way) all you do is set > > passwd ldap files > > in /etc/nsswitch.conf > > and that's it. > > In Solaris, it's > > passwd: ldap files > ^ > > nsswitch.conf(4), SunOS 5.5.1: > > ... > There is an entry in /etc/nsswitch.conf for each database. > Typically these entries will be simple, such as "protocols: > files" or "networks: files nisplus". However, when multiple > sources are specified it is sometimes necessary to define > precisely the circumstances under which each source will be > tried. A source can return one of the following codes: > > Status Meaning > SUCCESS Requested database entry was found > UNAVAIL Source is not responding or corrupted > NOTFOUND Source responded "no such entry" > TRYAGAIN Source is busy, might respond to > retries > > For each status code, two actions are possible: > > Action Meaning > continue Try the next source in the list > return Return now > > The complete syntax of an entry is > > ::= ":" [ []]* > ::= "[" + "]" > ::= "=" > ::= "success" | "notfound" | "unavail" | "tryagain" > ::= "return" | "continue" > ... > > Actually, this message is now bordering on the useful, when all I meant > to be was pedantic. I'll stop now, before I go too far; suffice to say > the Solaris implementation has some other elements worthy of consideration > if compatability is worth aiming for. > > It's maybe worth mentioning that /etc/host.conf might be a candidate for > the attic if the Solaris implementation was adopted on a wholesale basis > (i.e. including the "hosts:" key). > Couldn't we do this with /etc/auth.conf? What's the real purpose of this file? From the man page: "auth.conf contains various attributes important to the authentication code, most notably kerberos(5) for the time being." Isn't this what PAM is about? authentication? or does auth.conf cover the "other" part of authentication, basically the getpw* stuff? Regards, -Oscar -- For PGP Public Key: finger obonilla@fisicc-ufm.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message