NSS and PAM

Dag-ErlingSmørgrav des at des.no
Sat Nov 29 05:20:29 PST 2003


Richard Coleman <richardcoleman at mindspring.com> writes:
> Replacing passwd/group/NSS/PAM/whatever with a real database or
> directory backend is a kind of holy grail for Unix that's been
> discussed for many years.

You're mixing apples and oranges here.  NSS and PAM are not backends
in themselves; they are frameworks that allow the admin to select and
combine directory and authentication backends and policies.  You can't
get by without them, because you will never find a single solution
that can replace the entire installed base of LDAP, Radius, TAC+,
Kerberos etc., and you can't enforce policy from the backend.

DES
-- 
Dag-Erling Smørgrav - des at des.no


More information about the freebsd-current mailing list