NSS and PAM, dynamic vs. static

Matthias Andree ma at dt.e-technik.uni-dortmund.de
Sat Nov 29 05:01:05 PST 2003


"Jacques A. Vidrine" <nectar at FreeBSD.org> writes:

> On Wed, Nov 26, 2003 at 02:00:08AM +0100, Matthias Andree wrote:
>> Matthew Dillon <dillon at apollo.backplane.com> writes:
>> 
>> >     How much do you intend to use NSS for?  I mean, what's the point of
>> >     adopting this cool infrastructure if all you are going to do with it
>> >     is make a better PAM out of it?
>> 
>> The important thing is that NSS allows to plug modules such as LDAP or
>> PostgreSQL for user base management. PAM is only halfway there and
>> doesn't give libc et al. a notion of a user or group context (in spite
>> of its "account" context), NSS does. One might discuss if PAM is really
>> needed with NSS in place, but it's hard to think of a system without
>> NSS and removing PAM now doesn't look right.
>
> NSS and PAM do not overlap.

I wonder how PAM gets "system" authentication information for pam_pwdb
or pam_unix or how it's called today and on the pertinent system if not
through NSS. Reimplementation of these "passwd/shadow/whatever"
mechanisms?

-- 
Matthias Andree

Encrypt your mail: my GnuPG key ID is 0x052E7D95


More information about the freebsd-current mailing list