On Wed, 21 Jul 1999, Oscar Bonilla wrote:
> Ok, here goes my understanding of how things should be, please correct me
> if i'm wrong.
>
> There are three parts to the problem:
>
> 1. Where do we get the databases from? I mean, where do we get passwd, group,
> hosts, ethers, etc from.
>
> This should be handled by a name service switch a la solaris. Basically
> we want to be able to tell the system for each individual database where
> to get the stuff from. We can add entries for each database in the system.
>
> 2. How to authorize the user? I mean, what sort of authentication should we
> use to decide if the user should be allowed in.
>
> This should be handled by PAM.
PAM also does other functions; session management, password management,
etc.
>
> 3. What password hash should we use when we have the username and the
> password hash?
>
> This should be handled by the new modularized crypt.
>
> Do we want to be able to tell the system where to get its pam.conf and
> login.conf from? This would mean having a pam.conf and login.conf entry
> in nsswitch.conf.
Hmm. I don't know that this much would be useful.
> Can we make a list of stuff that needs to be done to make this possible?
> Something like a tasklist would be good.
>
> a) design and implement a name service switch.
> b) make libc aware of the name service switch.
> c) ???
I think we should look at what NetBSD is doing and join with their
efforts. There's no sense in reinventing the wheel.
I'm just running my libcrypt through a make world to make sure it's okay -
once it's done I'll post the new source code snapshot for comment and
testing.
Kris
> -Oscar
>
> --
> For PGP Public Key: finger oboni...@fisicc-ufm.edu
>
------------------------------------------------------------------------------
The Feynman Problem-Solving Algorithm:
(1) Write down the problem
(2) Think real hard
(3) Write down the answer
------------------------------------------------------------------------------
To Unsubscribe: send mail to majord...@freebsd.org
with "unsubscribe freebsd-hackers" in the body of the message
