On Wed, 1 Nov 2000, The Big Guy wrote: >> How do you see PAM being useful in your configuration? It's possible that >> PAM may be useful at some stage of this process, but I don't see where. > PAM's useful in this area when you consider that you've got PHP, MySQL, > Apache, Squid and PPPd all configured for PAM, and then you want to cast the > box "out there" somewhere. It leaves ample room for all applications to be > configured against the same authing mechanism with minimal effort - this is > particularly relevant when the box could change authentication (Ie; from > Radius to Tacacs .. or worse case - to NT's SMB auth). The problem here is that the poster explicitly stated this needed to work with PPP CHAP authentication. That means that it WON'T work with pam_pwdb, pam_unix, pam_kerberos, pam_ntdom, pam_userdb, or any other PAM module that backends onto a user database where passwords are stored in encrypted form. I would be surprised if pam_ldap worked at all, and pam_radius_auth will only work if talking to a Radius server that supports CHAP -- which rules out most of the Radius servers that run under Unix. And that pretty much takes me to the end of the list of PAM authentication modules that I can think of. Unless you have PHP, MySQL, Apache, Squid, and pppd all configured for PAM and using a module /other/ than the above, one which uses a cleartext password database, then you don't gain any interoperability at all by introducing PAM into the above equation. Steve Langasek postmodern programmer
