Thank you both for answering,
as I said, I didn't have a deeper look at that "NSS" thing before...
The advantage of PAM is clearly the possibility to configure your system
on a _per service_ (= application) basis! As much as I see, NSS can't do
that...
(yeah - if there's some brillant feature, we want even more ;-) )
________________________________________
\|Jason Clifford <jason@xxxxxxxxxx> ha scrit als Thu, 29 May 2003 14:24:11
+0100 (BST):
|On Thu, 29 May 2003, Florian Verdet wrote:
|
|> I'm extending the pam_mysql module and want to fetch HOME and SHELL
from a
|> MySQL db and pass them to the PAM application (login, ssh,...) to use
them
|> accordingly.
|
|Why do it from PAM? It's not the right place. You want a plug in to the
|NSS system calls (particularly for those to passwd, shadow and
group)that
|will allow you to use a mysql database instead of flat files for them.
|[...]
|
|> What I found was, that they fetch the info, which SHELL to execute and
|> which HOME directory to use, directly by means of the functions you,
|> Jason, named (getpw*) and therefor (often) directly from /etc/passwd !
|>
|> Is there really no way to do it from a PAM module ???
|
|It's just not the right place to do it.
|
Why not ?
Hmm... ah ok
With authentification, nothing (the password) is not passed to the
application,
therefor authentification is not that similar to getting
HOME/SHELL/UID/GID...
even if the information is ("usually") stored in the same place.
|[...]
|Jason Clifford
tnx again!
_________
Florian Verdet
_______________________________________________
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
