From owner-freebsd-hackers  Tue Jul 20  9:19:27 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from rebel.net.au (rebel.rebel.net.au [203.20.69.66])
	by hub.freebsd.org (Postfix) with ESMTP id 1BC6B1533F
	for <freebsd-hackers@FreeBSD.ORG>; Tue, 20 Jul 1999 09:19:17 -0700 (PDT)
	(envelope-from kkenn@rebel.net.au)
Received: from 203.20.69.75 (dialup-5.rebel.net.au [203.20.69.75])
          by rebel.net.au (8.8.5/8.8.4) with ESMTP
	  id BAA28237 for <freebsd-hackers@FreeBSD.ORG>; Wed, 21 Jul 1999 01:47:06 +0930
Received: (qmail 54661 invoked from network); 20 Jul 1999 16:16:56 -0000
Received: from localhost (kkenn@127.0.0.1)
  by localhost with SMTP; 20 Jul 1999 16:16:56 -0000
Date: Wed, 21 Jul 1999 01:46:56 +0930 (CST)
From: Kris Kennaway <kkenn@rebel.net.au>
Reply-To: kkenn@rebel.net.au
To: "David E. Cross" <crossd@cs.rpi.edu>
Cc: Oscar Bonilla <obonilla@fisicc-ufm.edu>,
	Joe Abley <jabley@patho.gen.nz>, Wes Peters <wes@softweyr.com>,
	Mike Smith <mike@smith.net.au>,
	Dag-Erling Smorgrav <des@flood.ping.uio.no>,
	freebsd-hackers@FreeBSD.ORG
Subject: Re: PAM & LDAP in FreeBSD 
In-Reply-To: <199907201520.LAA29350@cs.rpi.edu>
Message-ID: <Pine.BSF.4.10.9907210141030.41996-100000@morden.rebel.net.au>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Tue, 20 Jul 1999, David E. Cross wrote:

> > Couldn't we do this with /etc/auth.conf? What's the real purpose of this
> > file? From the man page: "auth.conf contains various attributes important to 
> > the authentication code, most notably kerberos(5) for the time being."
> > Isn't this what PAM is about? authentication? or does auth.conf cover the 
> > "other" part of authentication, basically the getpw* stuff?
> 
> This is bigger than just authentication.  This is about the various databases
> that the machine needs to keep in touch with.. hosts, passwd, ethers, services,
> protocols, group, etc...   For example using auth.conf how would one [cleanly]
> instruct the system that for group information it should use NIS, for hosts,
> DNS, and for passwords NIS (for the passwd entry) and Kerberos (for the
> password).  What you would have when you are done would be very similar to
> 'nsswitch.conf'.  With the exception that even nsswitch.conf cannot do
> everything, you still need auth.conf (shouldn't this really be pam.conf?) to
> tell the system to use kerberos (or whatever) to authenticate the user.

It looks like we've got some good concurrent projects happening at the
moment - markm and co working on PAM, the nsswitch.conf project you're
talking about, and the stuff I'm working on with modularizing crypt() and
supporting per-login class password hashes (I've rewritten the library
since I last posted about it and expect to have my code cleaned up by
tomorrow night for another snapshot).

The thing to make sure is that we don't tread on each other's toes, and
basically that we look for the big picture and how all these projects fit
together.

Kris

> --
> David Cross                               | email: crossd@cs.rpi.edu 
> Systems Administrator/Research Programmer | Web: http://www.cs.rpi.edu/~crossd 
> Rensselaer Polytechnic Institute,         | Ph: 518.276.2860            
> Department of Computer Science            | Fax: 518.276.4033
> I speak only for myself.                  | WinNT:Linux::Linux:FreeBSD



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message