Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 20 Nov 1998 15:33:05 -0800 (PST)
From:      John Polstra <jdp@polstra.com>
To:        current@FreeBSD.ORG
Subject:   HEADS UP: Install new /etc/pam.conf file from /usr/src/etc
Message-ID:  <XFMail.981120153305.jdp@polstra.com>
next in thread | raw e-mail | index | archive | help 
I have just committed a new file "src/etc/pam.conf", which controls
the PAM authentication methods used by login and (some day) other such
utilities.  Users of FreeBSD-current should install this file into
"/etc".  Kerberos users should uncomment the entry for KerberosIV.
See pam(8) for a description of the file's format.

For those folks who haven't heard about it, PAM stands for Pluggable
Authentication Modules.  It is a flexible way to configure the kinds
of authentication (passwd/NIS, S/Key, Kerberos, RADIUS, TACACS+) used
in your system.  Each authentication method is encapsulated in an
application-independent PAM module, a shared object.  Under control of
the pam.conf file, the PAM library loads the selected modules, calls
well-defined entry points in them, and gets back results indicating
whether the user was successfully authenticated by each module.  This
means that entirely new authentication methods (say, KerberosV) can be
introduced in the future, without recompiling or even relinking login
or other such applications.  Also, sysadmins can change or reorder
the selection of authentication methods on their systems without
recompiling or rebuilding anything.  All it takes is an edit of
"/etc/pam.conf".

Later today, I'll be committing the changes to "/usr/bin/login"
to make it use PAM.  There is a fallback mechanism that serves
as a safety net and transition aid.  If login cannot find an
"/etc/pam.conf" file, or if some other fatal PAM error occurs, it will
fall back on passwd/NIS authentication.  It will also log an error via
syslog describing what problem it encountered.

John
---
  John Polstra                                               jdp@polstra.com
  John D. Polstra & Co., Inc.                        Seattle, Washington USA
  "Nobody ever went broke underestimating the taste of the American public."
                                                            -- H. L. Mencken

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?XFMail.981120153305.jdp>