> Couldn't we do this with /etc/auth.conf? What's the real purpose of this > file? From the man page: "auth.conf contains various attributes important to > the authentication code, most notably kerberos(5) for the time being." > Isn't this what PAM is about? authentication? or does auth.conf cover the > "other" part of authentication, basically the getpw* stuff?
This is bigger than just authentication. This is about the various databases that the machine needs to keep in touch with.. hosts, passwd, ethers, services, protocols, group, etc... For example using auth.conf how would one [cleanly] instruct the system that for group information it should use NIS, for hosts, DNS, and for passwords NIS (for the passwd entry) and Kerberos (for the password). What you would have when you are done would be very similar to 'nsswitch.conf'. With the exception that even nsswitch.conf cannot do everything, you still need auth.conf (shouldn't this really be pam.conf?) to tell the system to use kerberos (or whatever) to authenticate the user. BTW: To clear up some possible misunderstanding from earlier, I am 100% in support of /etc/nsswitch.conf for FreeBSD. My "FreeNSD" ;) 'nsd' server would read /etc/nsswitch.conf for its configuration, just like the Irix version does. -- David Cross | email: cro...@cs.rpi.edu Systems Administrator/Research Programmer | Web: http://www.cs.rpi.edu/~crossd Rensselaer Polytechnic Institute, | Ph: 518.276.2860 Department of Computer Science | Fax: 518.276.4033 I speak only for myself. | WinNT:Linux::Linux:FreeBSD To Unsubscribe: send mail to majord...@freebsd.org with "unsubscribe freebsd-hackers" in the body of the message
