From owner-freebsd-chat Sun Apr 28 11:11:12 2002 Delivered-To: freebsd-chat@freebsd.org Received: from server2.highperformance.net (ip30.gte4.rb1.bel.nwlink.com [209.20.215.30]) by hub.freebsd.org (Postfix) with ESMTP id E27AE37B416 for ; Sun, 28 Apr 2002 11:11:07 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by server2.highperformance.net (8.12.3/8.12.3) with ESMTP id g3SIAlBl019566 for ; Sun, 28 Apr 2002 11:10:57 -0700 (PDT) (envelope-from jcw@highperformance.net) Date: Sun, 28 Apr 2002 11:10:47 -0700 (PDT) From: "Jason C. Wells" To: freebsd-chat@freebsd.org Subject: How much PAM is enough? Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-chat@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I was wondering what kind of implementation of PAM and native FreeBSD authentication folks use. Specifically, it seems that one can use various PAM modules to supplant various FreeBSD functionalities. For example, there exists a module "pam_nologin". Why would I want to use a PAM module when FreeBSD supports this natively? So I have concluded that my pam.d config will add only those modules needed to incorporate special functionalities. For example, I have included pam_krb5 port to work with the MIT kerberos port. I will add pam_ldap soon. It seems to me that one should be able to provide authentication with 4-6 modules in the stack. On the net I see examples of many modules in the stack. What is your opinion on the matter? Is FreeBSD moving farther down the PAM path and away from standard unix authentication? It would seem so. Thanks, Jason C. Wells To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-chat" in the body of the message