On Wed, Apr 16, 1997 at 03:56:47PM -0500, Adam Slattery wrote: > > Well, I think it would be nice to have getpwnam() be a source for > > pam_crypt. > > Ok. This is priority #2. (After the sshd issue I found last night). I really > didn't think many people used non-default nsswitch.conf files, and I've had > several people ask me how to easily add non-system accounts for > name_your_service. This was my reasoning for not using getpwnam. I > definately made a big misjudgement. I'd like to kill this discussion; > support will be added before I ask Andrew to include pam_crypt in Linux-PAM. > It might even be implemented in pam_crypt-0.0.4; we'll see :). :) > > Also, how do you plan to support password changing? Is it done in a > > modular way as well? If so, which modules are available? > > Pam_crypt already does this :). I think I discussed this in an earlier Yes, but, pam_unix handles password changing with /etc/passwd, NIS, NIS+ (?) and so on and pam_ldap handles password changing with LDAP and so on. I.e., there are two ways in which pam_crypt has to be modular: 1. Crypt() types 2. Name service types -- use NSS [getpwnam()] :) 3. Password changing protocols -- related to (2), but NSS doesn't help :( The interesting thing is that (1) is NOT related to either (2) nor (3). That is, you can use multiple different crypt types within a single name service (though you can have only one crypted password per-user). So modularity with respect to (2) and (3) must not be related (1). So, is pam_crypt modular with respect to password changing? Are you providing any password changing modules? Which ones? > Thanks. You guys have been a huge help in deciding the direction of > pam_crypt. I'll be out of town until tuesday night. > -Adam > > Current primary site: http://www.whstechs.org/pam_crypt/ > Alternate site: http://seculinux.hackersclub.com/pam_crypt/ > > > PS: What is up with this brazilian auto-responder thing? It is getting > extremely anoying. Does anybody else get messages from terra@zaz.com.br > whenever they post to the list? It's also on the Kerberos lists. Very obnoxious. Cheers, Nico --
