Date: Wed, 21 Jul 1999 01:46:56 +0930 (CST)
From: Kris Kennaway
Reply-To: kkenn@rebel.net.au
To: "David E. Cross"
Cc: Oscar Bonilla, Joe Abley, Wes Peters, Mike Smith, Dag-Erling Smorgrav, freebsd-hackers@FreeBSD.ORG
Subject: Re: PAM & LDAP in FreeBSD
In-Reply-To: <199907201520.LAA29350@cs.rpi.edu>

On Tue, 20 Jul 1999, David E. Cross wrote:

> > Couldn't we do this with /etc/auth.conf? What's the real purpose of this
> > file? From the man page: "auth.conf contains various attributes important to
> > the authentication code, most notably kerberos(5) for the time being."
> > Isn't this what PAM is about? authentication? or does auth.conf cover the
> > "other" part of authentication, basically the getpw* stuff?
>
> This is bigger than just authentication. This is about the various databases
> that the machine needs to keep in touch with.. hosts, passwd, ethers, services,
> protocols, group, etc... For example using auth.conf how would one [cleanly]
> instruct the system that for group information it should use NIS, for hosts,
> DNS, and for passwords NIS (for the passwd entry) and Kerberos (for the
> password). What you would have when you are done would be very similar to
> 'nsswitch.conf'. With the exception that even nsswitch.conf cannot do
> everything, you still need auth.conf (shouldn't this really be pam.conf?) to
> tell the system to use kerberos (or whatever) to authenticate the user.

It looks like we've got some good concurrent projects happening at the
moment - markm and co working on PAM, the nsswitch.conf project you're
talking about, and the stuff I'm working on with modularizing crypt() and
supporting per-login class password hashes (I've rewritten the library
since I last posted about it and expect to have my code cleaned up by
tomorrow night for another snapshot).

The thing to make sure is that we don't tread on each other's toes, and
basically that we look for the big picture and how all these projects fit
together.

Kris

> --
> David Cross                               | email: crossd@cs.rpi.edu
> Systems Administrator/Research Programmer | Web: http://www.cs.rpi.edu/~crossd
> Rensselaer Polytechnic Institute,         | Ph: 518.276.2860
> Department of Computer Science            | Fax: 518.276.4033
> I speak only for myself.                  | WinNT:Linux::Linux:FreeBSD