Hi James,

Thanks for the review.  I'll look at integrating it deeper into the core of
authn unless I hear anyone raising concerns on this.  The major reason I
did it this way was to ensure that users using the existing version weren't
going to get stuck with an incompatible config file after an upgrade, but
I'll take another dig into it and see if I can come up with a safe way to
stay backwards compatible.

Although with your authn_pam module I'm not sure the chainloading function
would be as useful as we could overlay it internally on the system with
pam's fallback mechanism.

I was also thinking of extending the authn return to be a tri-state similar
to postfix's address verification service. I was thinking it would be a
ladder type fall through, but at any stage a module could return (ok,
unknown, or fail)  so user names that are correct, but have the wrong
password wouldn't fall through to a future authn module.  Any other
thoughts on overlapping usernames? How do others feel about this in general?

Are there any other custom authn plugins out there?  (not looking to share,
just want to see if I'm missing other edge cases)

Thanks,

James

On Tue, Nov 1, 2011 at 6:40 PM, James Cammarata <j...@sngx.net> wrote:

> On Wed, Oct 26, 2011 at 1:28 AM, James Clendenan
> <james.clende...@gmail.com> wrote:
> > Hi All,
> >
> > I've attached an updated version of the authentication chain loading plugin.
> >
> > It should apply cleanly to 2.2.1 now, as a few directories have been moved around.
> >
> > Let me know if you run into any problems with it.
>
> I really like this idea, but I don't think it should be a module on
> its own. Rather, I'd like to see it baked into the authn code itself
> so that you could simply specify all of the modules you'd like to use
> (in order of precedence) in modules.conf like this:
>
> [authentication]
> module = authn_configfile authn_ldap authn_denyall
>
> If you'd like to rework this, let me know, otherwise I'll add it to my
> list of stuff to get done (most likely this would be in the release
> after next). If you do decide to tackle this and need any pointers,
> let me know and I'll aim you at the right lines of code.
> _______________________________________________
> cobbler-devel mailing list
> cobbler-devel@lists.fedorahosted.org
> https://fedorahosted.org/mailman/listinfo/cobbler-devel
>
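
The tri-state ladder proposed in this thread (ok, unknown, or fail), sketched as an added example that is not part of the original messages or of Cobbler's code. The `AuthResult` enum, `authenticate_chain`, the table-backed stand-in modules and the fail-closed handling of a module error are assumptions; only the module names come from the modules.conf line quoted above.

```python
import hmac
from enum import Enum

class AuthResult(Enum):
    OK = "ok"            # this module verified the credentials
    UNKNOWN = "unknown"  # this module has no record of the user: try the next
    FAIL = "fail"        # this module knows the user and rejects the login: stop

def make_table_module(users):
    """Stand-in authn module built from a constructed {user: password} table."""
    def authenticate(username, password):
        stored = users.get(username)
        if stored is None:
            return AuthResult.UNKNOWN
        same = hmac.compare_digest(stored.encode(), password.encode())
        return AuthResult.OK if same else AuthResult.FAIL
    return authenticate

def deny_all(username, password):
    """Terminal module: anything that reaches the end of the ladder is refused."""
    return AuthResult.FAIL

def authenticate_chain(chain, username, password):
    """Walk the ladder in order; return (granted, name of the deciding module)."""
    for name, module in chain:
        try:
            result = module(username, password)
        except Exception:
            # Assumption: a broken backend fails closed rather than falling through.
            return False, name
        if result is AuthResult.OK:
            return True, name
        if result is AuthResult.FAIL:
            return False, name
    return False, None  # every module answered UNKNOWN

# Constructed sample data: "admin" exists in both backends with different passwords.
CHAIN = [
    ("authn_configfile", make_table_module({"admin": "local-secret"})),
    ("authn_ldap", make_table_module({"admin": "ldap-secret", "alice": "alice-pw"})),
    ("authn_denyall", deny_all),
]

if __name__ == "__main__":
    for user, pw in [("admin", "local-secret"), ("admin", "ldap-secret"),
                     ("alice", "alice-pw"), ("mallory", "guess")]:
        print(user, authenticate_chain(CHAIN, user, pw))
```

With the overlapping "admin" account, the LDAP password is refused because the first module that knows the name decides the outcome.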