hi, there!
On Tue, 20 Jul 1999, Oscar Bonilla wrote:
> > It looks like we've got some good concurrent projects happening at the
> > moment - markm and co working on PAM, the nsswitch.conf project you're
> > talking about, and the stuff I'm working on with modularizing crypt() and
> > supporting per-login class password hashes (I've rewritten the library
> > since I last posted about it and expect to have my code cleaned up by
> > tomorrow night for another snapshot).
> >
> > The thing to make sure is that we don't tread on each other's toes, and
> > basically that we look for the big picture and how all these projects fit
> > together.
> >
>
> Ok, this is my understanding of the thing:
>
> There are two parts to the problem, first we need a way to tell the
> system where to get its information from (call them databases, tables
> or whatever). This should be done a la solaris, with
> /etc/nsswitch.conf telling if this is to be fetched from "files, ldap,
> nis, dns, etc".
>
> We need to recode all the programs that obtain this info directly from
> files to get it from a library (this would be nsd). And then code the
> library itself to get the info from /etc/nsswitch.conf
You misunderstand the main goal of NSS -- you need not recode anything --
NSS substitutes getxxxbyzzz libc functions
> Second, we need a way to authenticate the user... this is what PAM does.
> What would need to be done is change the pam modules to make them
> nsd aware (i.e. where should I get the passwd from?) or make them
> /etc/auth.conf aware? this is the confusing part...
>
> where does crypt fit into this? crypt would get what from /etc/login.conf?
go to http://www.padl.com and read about LDAP + NSS and PAM deployment
schemes
/fjoe
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
