Ok. My work on pam_unix is in a stalled state now... I should finish it sometime (not so many left to do). But what interesting (and caused me to write this) - I found a pam_unix2 module by Thorsten Kukuk -- this one I was unable to find for a long time. Oha, it is on kernel.org/.../NIS+/ directory! Complete url is: http://www.kernel.org/pub/linux/utils/net/NIS+/pam_unix2.tar.gz And I looked to it. And it seemed to be clean and good (as compared to current one and to my :) ). It has some glibc-specific pieces, and probably a big amount of code for nis+ (also good one but not needed for any site). And it have very nice mechanism of finding the "source" of system password (e.g. files, nis, ... -- nsswitch) (but this place is really _very_ glibc specific). Not to say that this is bad, but mostly non-portable (not good for open-pam, but ok for linux-pam). And this module has been well tested already, as it seemed to be. The question. May _this_ Thorsten's module be used in linux-pam in place of it's current pam_unix? I know that this question is mostly for Thorsten. At least I was not able to find any annoncements here (and even any references) to this module. Module probably should be changed a bit in respect of handling new passwords (bigcrypt issues, other hashes etc as discussed on this list), but other things are in place. (Maybe even made nis+ support optional, especially keyserver notifications). And if that is ok, we already have a good pam_unix implementation... Regards, Michael.
