Date: Thu, 22 Jul 1999 23:34:35 +0930 (CST)
From: Kris Kennaway
Reply-To: kkenn@rebel.net.au
To: Oscar Bonilla
Cc: freebsd-hackers@FreeBSD.ORG
Subject: Re: PAM & LDAP in FreeBSD

On Wed, 21 Jul 1999, Oscar Bonilla wrote:

> Ok, here goes my understanding of how things should be, please correct me
> if I'm wrong.
>
> There are three parts to the problem:
>
> 1. Where do we get the databases from? I mean, where do we get passwd, group,
> hosts, ethers, etc from.
>
> This should be handled by a name service switch a la Solaris. Basically
> we want to be able to tell the system for each individual database where
> to get the stuff from. We can add entries for each database in the system.
>
> 2. How to authorize the user? I mean, what sort of authentication should we
> use to decide if the user should be allowed in.
>
> This should be handled by PAM.

PAM also does other functions: session management, password management, etc.

>
> 3. What password hash should we use when we have the username and the
> password hash?
>
> This should be handled by the new modularized crypt.
>
> Do we want to be able to tell the system where to get its pam.conf and
> login.conf from? This would mean having a pam.conf and login.conf entry
> in nsswitch.conf.

Hmm. I don't know that this much would be useful.

> Can we make a list of stuff that needs to be done to make this possible?
> Something like a tasklist would be good.
>
> a) design and implement a name service switch.
> b) make libc aware of the name service switch.
> c) ???

I think we should look at what NetBSD is doing and join with their efforts.
There's no sense in reinventing the wheel.

I'm just running my libcrypt through a make world to make sure it's okay -
once it's done I'll post the new source code snapshot for comment and testing.

Kris

> -Oscar
>
> --
> For PGP Public Key: finger obonilla@fisicc-ufm.edu
>

------------------------------------------------------------------------------
The Feynman Problem-Solving Algorithm:
(1) Write down the problem
(2) Think real hard
(3) Write down the answer
------------------------------------------------------------------------------