hi, there! On Tue, 20 Jul 1999, Oscar Bonilla wrote:
> > It looks like we've got some good concurrent projects happening at the > > moment - markm and co working on PAM, the nsswitch.conf project you're > > talking about, and the stuff I'm working on with modularizing crypt() and > > supporting per-login class password hashes (I've rewritten the library > > since I last posted about it and expect to have my code cleaned up by > > tomorrow night for another snapshot). > > > > The thing to make sure is that we don't tread on each other's toes, and > > basically that we look for the big picture and how all these projects fit > > together. > > > > Ok, this is my understanding of the thing: > > There are two parts to the problem, first we need a way to tell the > system where to get its information from (call them databases, tables > or whatever). This should be done a la solaris, with > /etc/nsswitch.conf telling if this is to be fetched from "files, ldap, > nis, dns, etc". > > We need to recode all the programs that obtain this info directly from > files to get it from a library (this would be nsd). And then code the > library itself to get the info from /etc/nsswitch.conf You misunderstand the main goal of NSS -- you need not recode anything -- NSS substitutes getxxxbyzzz libc functions > Second, we need a way to authenticate the user... this is what PAM does. > What would need to be done is change the pam modules to make them > nsd aware (i.e. where should I get the passwd from?) or make them > /etc/auth.conf aware? this is the confusing part... > > where does crypt fit into this? crypt would get what from /etc/login.conf? go to http://www.padl.com and read about LDAP + NSS and PAM deployment schemes /fjoe To Unsubscribe: send mail to majord...@freebsd.org with "unsubscribe freebsd-hackers" in the body of the message
