From owner-freebsd-current@FreeBSD.ORG  Mon Dec  1 18:24:32 2003
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id C122216A4CE
	for <freebsd-current@freebsd.org>;
	Mon,  1 Dec 2003 18:24:32 -0800 (PST)
Received: from kientzle.com (h-66-166-149-50.SNVACAID.covad.net
	[66.166.149.50])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 7C4ED43F93
	for <freebsd-current@freebsd.org>;
	Mon,  1 Dec 2003 18:24:30 -0800 (PST)
	(envelope-from kientzle@acm.org)
Received: from acm.org ([66.166.149.54])
	by kientzle.com (8.12.9/8.12.9) with ESMTP id hB22OQkX081835;
	Mon, 1 Dec 2003 18:24:27 -0800 (PST)
	(envelope-from kientzle@acm.org)
Message-ID: <3FCBF7D9.10609@acm.org>
Date: Mon, 01 Dec 2003 18:24:25 -0800
From: Tim Kientzle <kientzle@acm.org>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.4) Gecko/20031006
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
References: <20031129011334.GC88553@madman.celabo.org>
	<xzpbrqw7xsb.fsf@dwp.des.no>	<20031201142737.GC99428@madman.celabo.org>
	<xzp7k1geb6x.fsf@dwp.des.no>	<20031201175925.GC244@madman.celabo.org>
	<xzpvfp0ch1z.fsf@dwp.des.no>
	<200312012250.hB1MoCMZ081007@khavrinen.lcs.mit.edu>
In-Reply-To: <200312012250.hB1MoCMZ081007@khavrinen.lcs.mit.edu>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
cc: =?ISO-8859-1?Q?Dag-Erling_Sm=F8rgrav?= <des@des.no>
cc: freebsd-current@freebsd.org
Subject: Re: NSS and PAM
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: kientzle@acm.org
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Dec 2003 02:24:32 -0000

Garrett Wollman wrote:
> <<On Mon, 01 Dec 2003 23:24:40 +0100, des@des.no (Dag-Erling =?iso-8859-1?q?Sm=F8rgrav?=) said:
> 
>>The problem is that the authentication information needs to be stored
>>somewhere, and the usual solution is to store it in the directory, 
> 
> ...which is usually the worst possible place.  Please don't penalize
> those of us with sensible authentication systems.

Care to elaborate, Garrett?  I've been following this discussion
with some interest, and would like to see people elucidate their
positions and concerns.  Both DES and Jacques have made some
interesting points so far.

What exactly is your "sensible authentication system"?

Why is the directory "usually the worst" for storing
authentication information?

What do you think are the correct fracture points and
how do they relate to the existing PAM/NSS frameworks?

Tim