[EMAIL PROTECTED] (Gregory S. Stark) writes:

> I asked once earlier, but no one responded: 
> Does anyone know how PAM modules should be packaged?

You can look at Red Hat for examples.

> Where should they be installed? Is there some way to register them, or some
> script to run to offer the sysadmin the option of making the new module the
> global default? Personally I think PAM modules are one of the big missing
> links for Unix system and no distribution would be complete without a solid
> architecture for dealing with them. We have ppp-pam and pam packages, but how
> does packaging further modules work?

> Kerberos won't be properly supported until there's a PAM module for it
> packaged. There are a couple around, but I have no idea how to package them.
> I don't even know how PAM is configured and I don't use it here at all.

PAM modules go in /lib/security.  Programs are configured to use these
modules by editing configuration files in /etc/pam.d/.  There is one
file for each client program.  These files should be included with
the respective client programs.

(On Solaris, all programs are controlled from one file: /etc/pam.conf.)


A package for a kerberos module would contain the module in
/lib/security, whatever configuration files the module needs in /etc
(like server name, etc), and perhaps a script in /usr/sbin that
adds kerberos to the existing /etc/pam.d/* files.


A longer term goal would be a gtk or newt based program that lets the
user configure security without editting /etc/pam.d/* files directly.


Steve
[EMAIL PROTECTED]


--  
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to