Re: PAM & LDAP in FreeBSD

Tue, 20 Jul 1999 06:37:16 -0700 

On Tue, Jul 20, 1999 at 10:59:30PM +1200, Joe Abley wrote:
> On Mon, Jul 19, 1999 at 06:00:26PM -0600, Oscar Bonilla wrote:
> > I agree. In solaris (and linux by the way) all you do is set
> > passwd      ldap files
> > in /etc/nsswitch.conf
> > and that's it.
> 
> In Solaris, it's
> 
> passwd: ldap files
>       ^
> 
> nsswitch.conf(4), SunOS 5.5.1:
> 
>      ...
>      There is an entry in /etc/nsswitch.conf for  each  database.
>      Typically  these entries will be simple, such as "protocols:
>      files" or "networks: files nisplus".  However, when multiple
>      sources  are  specified  it is sometimes necessary to define
>      precisely the circumstances under which each source will  be
>      tried.  A source can return one of the following codes:
> 
>           Status          Meaning
>           SUCCESS         Requested database entry was found
>           UNAVAIL         Source is not responding or corrupted
>           NOTFOUND        Source responded "no such entry"
>           TRYAGAIN        Source  is  busy,  might   respond   to
>                           retries
> 
>      For each status code, two actions are possible:
> 
>           Action          Meaning
>           continue        Try the next source in the list
>           return          Return now
> 
>      The complete syntax of an entry is
> 
>      <entry>     ::= <database> ":" [<source> [<criteria>]]*
>      <criteria>  ::= "[" <criterion>+ "]"
>      <criterion> ::= <status> "=" <action>
>      <status>    ::= "success" | "notfound" | "unavail" | "tryagain"
>      <action>    ::= "return"  | "continue"
>      ...
> 
> Actually, this message is now bordering on the useful, when all I meant
> to be was pedantic. I'll stop now, before I go too far; suffice to say
> the Solaris implementation has some other elements worthy of consideration
> if compatability is worth aiming for.
> 
> It's maybe worth mentioning that /etc/host.conf might be a candidate for
> the attic if the Solaris implementation was adopted on a wholesale basis
> (i.e. including the "hosts:" key).
> 

Couldn't we do this with /etc/auth.conf? What's the real purpose of this
file? From the man page: "auth.conf contains various attributes important to 
the authentication code, most notably kerberos(5) for the time being."
Isn't this what PAM is about? authentication? or does auth.conf cover the 
"other" part of authentication, basically the getpw* stuff?

Regards,

-Oscar

-- 
For PGP Public Key: finger [EMAIL PROTECTED]


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message

Reply via email to