On Wed, 16 Apr 1997, Adam Slattery wrote: > > Well, I think it would be nice to have getpwnam() be a source for > > pam_crypt. > Ok. This is priority #2. (After the sshd issue I found last night). I really > didn't think many people used non-default nsswitch.conf files, and I've had > several people ask me how to easily add non-system accounts for > name_your_service. This was my reasoning for not using getpwnam. I > definately made a big misjudgement. I'd like to kill this discussion; > support will be added before I ask Andrew to include pam_crypt in Linux-PAM. > It might even be implemented in pam_crypt-0.0.4; we'll see :). The big ones that need to be supported by any pam_unix replacement are NIS, NIS+, and Berkeley DB. I'd like to be able to call two of these three legacy systems:), but unfortunately there are many in the world who don't agree with that assessment. > Take bcrypt for example: OpenBSD uses it. Solar Designer made a glibc patch, > but I haven't met anybody that actually uses it. When pam_crypt is more > widely used, I can gaurantee you that a lot of people will start using > bcrypt on their linux boxes. In fact, I know somebody that does > this now with pam_crypt :-). Since portability to other OSes is a concern for Linux-PAM, even integrated bcrypt support in glibc doesn't eliminate the need for bcrypt support in PAM. One of my long-term aspirations for pam_unix is to reorder the module such that it can detect what crypt algorithms are supported by the OS crypt() function, and compile in its own implementation for *only* those it needs to provide. > PS: What is up with this brazilian auto-responder thing? It is getting > extremely anoying. Does anybody else get messages from terra@zaz.com.br > whenever they post to the list? The auto-responder is actually a bounce message. I've contacted pam-list-admin (just yesterday, actually) asking if they could track down the guilty party and unsubscribe them. Haven't heard anything back, though. Steve Langasek postmodern programmer
