This is just a little reminder concerning PAMification of potato. I want to urge all maintainers whose programs do any sort of authentication or account management to seek PAM patches (or just enable PAM if the program already supports it). There are several ways of obtaining patches:

1) Check ftp.us.kernel.org/pub/linux/libs/pam/index.html
2) Check another distribution that has a patch
3) Ask me, and I'll try to get you one (please try 1 & 2 first :)

Three things you want to be aware of when integrating PAM into your application:

1) If the PAM patch or program's built-in version of PAM support uses libpwdb in any way, you need to disable this support. It causes problems with NIS and other forms of non-local name services. Most of it also duplicates what libc already does. You can detect this in several ways. One is the inclusion of the pwdb.h header in source files and also -lpwdb during the linking of the program. Just check with ldd on the program to make sure it is _not_ linked with libpwdb. If you need help removing pwdb from the PAM support, feel free to contact me.

2) Your program must supply a file in /etc/pam.d/ (the name of the file is important and coincides with the name passed to the pam_start() call in the program). You can find a default pamd conf file in /etc/pam.d/other.

3) Unless your program has some special needs, only the modules listed in /etc/pam.d/other are needed. There are other modules, but they are generally not needed. The modules used by default are the pam_unix_*.so group, which uses libc's internal calls and gives the same type of authentication as you would get without PAM (as a default, this is what we want). DO NOT USE pam_pwdb.so in a default setup! I will hurt you and file a plethora of bugs against all of your packages (even non-related ones :). This is related to #1 above.

If after all this you still have questions, please feel free to email me directly.

Sincerely,
Ben Collins
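
The checks from point 1 and the pam_pwdb.so warning in point 3, as an added shell example that is not part of the original message: it scans a source tree for pwdb.h includes and -lpwdb, scans a pam.d file for active pam_pwdb.so lines, and tests ldd output for libpwdb. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag libpwdb use in a package's source, PAM config and binary.
# Every file name and path created here is constructed for the demonstration.

# List source/build files that include pwdb.h or link with -lpwdb.
find_pwdb_in_source() {
    grep -rlE '#[[:space:]]*include[[:space:]]*[<"][^">]*pwdb\.h[>"]|(^|[[:space:]])-lpwdb([[:space:]]|$)' "$1" | sort
}

# Print the non-comment lines of a pam.d file that load pam_pwdb.so.
find_pwdb_in_pamconf() {
    grep -nE '^[[:space:]]*[^#[:space:]].*pam_pwdb\.so' "$1"
}

# Read `ldd <binary>` output on stdin; succeed if libpwdb is a dependency.
ldd_shows_pwdb() {
    grep -q 'libpwdb\.so'
}

# Build a constructed sample: one package using pwdb, one using pam_unix only.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/bad/src" "$d/good/src" "$d/pam.d"
    printf '#include <security/pam_appl.h>\n#include <pwdb.h>\n' > "$d/bad/src/auth.c"
    printf 'LIBS = -lpam -lpwdb\n' > "$d/bad/Makefile"
    printf '#include <security/pam_appl.h>\n' > "$d/good/src/auth.c"
    printf 'LIBS = -lpam\n' > "$d/good/Makefile"
    printf '# was: auth required pam_unix_auth.so\nauth required pam_pwdb.so\n' > "$d/pam.d/bad"
    printf '# never: auth required pam_pwdb.so\nauth required pam_unix_auth.so\n' > "$d/pam.d/good"
    echo "$d"
}

# Audit one package: returns 0 when clean, 1 when any pwdb use is found.
audit_package() {
    bad=0
    hits=$(find_pwdb_in_source "$1")
    [ -n "$hits" ] && { printf 'pwdb in source:\n%s\n' "$hits"; bad=1; }
    find_pwdb_in_pamconf "$2" && bad=1
    return "$bad"
}

# Demonstration run on the constructed sample tree.
SAMPLE=$(make_sample)
audit_package "$SAMPLE/bad" "$SAMPLE/pam.d/bad" || echo "bad: needs fixing"
audit_package "$SAMPLE/good" "$SAMPLE/pam.d/good" && echo "good: clean"
rm -rf "$SAMPLE"
```

For a built program, pipe the real output in: ldd /path/to/program | ldd_shows_pwdb, where a zero exit status means the binary is still linked with libpwdb.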