On Fri, Apr 20, 2001 at 09:10:17AM +0400, solar@openwall.com wrote: > On Tue, Apr 17, 2001 at 02:41:26PM -0500, Steve Langasek wrote: > > On Tue, 17 Apr 2001 solar@openwall.com wrote: > > > (well-documented) modules which work well in conjunction to 1) provide a > > mapping of the heirarchical, virtualhost namespace onto the flat local > > namespace and 2) allow pulling information from multiple password databases > > according to a 'domain' token. There are already modules that provide a > > subset of 2, by bouncing all authentication for a service against a flatfile > > or Berkeley DB file on the system, but I haven't seen anything yet that's > > flexible enough to query multiple databases. In any case, I don't see having > > anything as flexible as NSS without implementing 1 and actually stacking it > > with a module that uses NSS itself. > > If a PAM module consults a database for authentication, then there > should be a defined mechanism for it to extract and pass other > information needed for the service or things become less efficient. Indeed! And such an API could replace get*ent()/get*name()/... It would be best if there were hooks for PAM and such a new API to communicate such that the new API's modules could cooperate with PAM modules (e.g., a name service lookup module might need credentials from a PAM module). > -- > /sd Cheers, Nico --
