PAM completeness and standardization [PR:bin/71290]

Daniel Bond db at danielbond.org
Tue May 12 11:52:07 UTC 2009


Hi Steve and Oliver,

thanks for your replies. Sorry it has taken me some time to reply. I'm
willing to put some time into this issue too, maybe we could do a
joint effort on this?

The problem report with the most information in it is
http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/71290 - DES has some
good reasons for why the patch has not been included in FreeBSD.

Here are some of my viewpoints about the comments in the ticket.

- I think it is really important we preserve all command-line options,
and do not break any existing functionality whatsoever.
- I also think exposing PAM code for changing passwords is a good  
thing. Either we want PAM support in FreeBSD, or we don't. If we do,  
we need to support the PAM core features - exposing this code is  
necessary, and the code needs to be polished accordingly.
- The documentation changes are nice to have, let's think about this
when we are happy with the other stuff.


I have a NetBSD 5.0 installation on my private server, I'll start  
looking at how they have implemented PAM.


Any comments? Pointers to code that would need cleanup? Anything we  
need to be extra careful with?


Best regards,

Daniel.

--
GPG public key: EDE9C925

On Apr 17, 2009, at 8:59 PM, Steve Polyack wrote:

> Daniel Bond wrote:
>> FreeBSD has excellent PAM-support, except for the passwd-command.  
>> The passwd-command gained PAM support quite a while ago, but there  
>> is a test preventing it from working with PAM.
>> There have been outstanding PR's for this minor issue for years  
>> now, I think it's time this one got fixed. People find it  
>> frustrating that they can't change their passwords (LDAP etc), like  
>> they can in a normal PAM-based system.
>>
>>
>> I'd be happy to fix whatever needs to be done, but I need to know  
>> why it's not been fixed / what needs to be done for it to be  
>> accepted by the community.
>
> I've looked at this recently and came to a roadblock after  
> sufficiently modifying passwd code (removing the test and an  
> additional few lines) as well as including the proper lines in
> /etc/pam.d/sshd.  I can't recall the exact problem I had.  I will
> probably give this another go in the future, so I am willing to put  
> in some time on this issue.
>
> Anyways, I don't have a reason for you as to why it hasn't been  
> fixed or accepted yet.  It is a long-standing issue from what I  
> understand.
>

More information about the freebsd-stable mailing list