There are a long list of things that seem to be common. I have no issue with pursuing such a common function library. My only concern is that we don't cross the line of adding new communication channels between modules and applications. The pluggability of the current library will break if we do the wrong thing there. Ideally, it would be nice if a module developer could write a module using the proposed library that would be useable on a Solaris PAM system. My personal preference would be for a '.a' library that gets built as part of the Linux-PAM build and then as the modules are built, they link in the relevant functions from that. This will help minimize backward/forward compaitibility issues and help folk minimize the number of 'pam' files they have to have on their system. Finally, I don't see this sort of change as a 'major release' sort of thing. Cheers Andrew > >It seems that we should strongly consider introducing some sort of library > >of module support functions, that individual modules could use, instead of > >having to replicate them. This would greatly ease module maintenance and > >would also assist development of new functionality (both of new modules > >and within existing modules). > > FreeBSD has done a fair bit of work to eliminate wasted code. For > example there is code to parse the standard PAM options (try_first_pass, > for example) as well as user-defined options. Well worth integrating > into PAM, it would make my life easier too as I wouldn't have to > track both Linux-PAM and FreeBSD PAM for the Darwin port! > > One thing, however, having written a lot of PAM modules for Darwin, > is that I've replicated the password-changing conversation dance > several times for different modules (NetInfo, AFP, NIS, etc). That's > one thing that should be put in a library, but is tricky because it > requires callbacks to authenticate a user as well as actually > changing their passwords, and different authentication systems handle > password changing policies differently. > > cheers, > > -- Luke > > -- > Luke Howard | lukehoward.com > PADL Software | www.padl.com > > _______________________________________________ > > Pam-list@redhat.com > https://listman.redhat.com/mailman/listinfo/pam-list
