On Wed, 08 Aug 2001, David Wright spewed into the ether:
<snip>
> What exactly is the problem under consideration that (given the appropriate 
> modules) PAM doesn't solve?

Just one, IMHO. PAM needs root access. Not what I like. cyrus runs as a
non root user. Kevin Menard has sent me a patch which will let cyrus
contact ldap directly (from what I've understood of it, not looked very
closely).

If I may make a design suggestion, why not have authentication totally
configurable? Let cmd_authenticate() take a parameter from the config
file which specifies the login method.
cmd_authenticate() will roughly look like
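#include <string.h>

/* SUCCESS, FAILURE and the auth_*() functions are defined elsewhere. */
int cmd_authenticate(const char *user, const char *password, const char *auth_type)
{
        int result = -1;
        /* C cannot switch on a string, so map the configured method to a case number. */
        int method = !strcmp(auth_type, "ldap") ? 0 :
                     !strcmp(auth_type, "pam")  ? 1 :
                     !strcmp(auth_type, "sasl") ? 2 : 3;

        switch (method) {
        case 0: result = auth_ldap(); if (result != -1) break;  /* else fall through */
        case 1: result = auth_pam();  if (result != -1) break;  /* else fall through */
        case 2: result = auth_sasl(); if (result != -1) break;  /* else fall through */
        default: break;         /* The user was not found here */
        } /* End switch */

        if (!result) return SUCCESS;
        else return FAILURE;
}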

Each auth_*() function returns a -1, 1 or a 0, 0 for success and 1 for
failure. User not found errors will be -1, allowing for fall through.

This will make it easier to add modules for authenticating from any
type of database.
Does this concept of a factory type of function make sense?

Devdas Bhagat
--
The more laws and order are made prominent, the more thieves and
robbers there will be.
                -- Lao Tsu
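
The dispatch proposed in the message above, as an added example that is not part of the original message and is not Cyrus code. It generalizes the single auth_type to an ordered, space-separated list of methods; the authenticate() name, the AUTH_* constants, the users and the passwords are constructed for illustration, and the backends are stand-ins that do no real LDAP, PAM or SASL work.

```c
#include <stdio.h>
#include <string.h>

enum { AUTH_OK = 0, AUTH_FAIL = 1, AUTH_NOUSER = -1 };

typedef int (*auth_fn)(const char *user, const char *password);

/* Constructed stand-ins for real backends: each one knows exactly one user. */
static int check(const char *u, const char *p, const char *ku, const char *kp)
{
    if (strcmp(u, ku) != 0) return AUTH_NOUSER;
    return strcmp(p, kp) == 0 ? AUTH_OK : AUTH_FAIL;
}
static int auth_ldap(const char *u, const char *p) { return check(u, p, "alice", "ldap-pw"); }
static int auth_pam(const char *u, const char *p)  { return check(u, p, "bob", "pam-pw"); }
static int auth_sasl(const char *u, const char *p) { return check(u, p, "alice", "sasl-pw"); }

static const struct { const char *name; auth_fn fn; } backends[] = {
    { "ldap", auth_ldap }, { "pam", auth_pam }, { "sasl", auth_sasl },
};

/* Try the methods named in `order` (space separated, e.g. read from a config
 * file) left to right. Only "user not found" moves on to the next method. */
int authenticate(const char *order, const char *user, const char *password)
{
    char buf[128];
    if (strlen(order) >= sizeof buf) return AUTH_FAIL;   /* fail closed */
    strcpy(buf, order);

    for (char *tok = strtok(buf, " "); tok; tok = strtok(NULL, " ")) {
        auth_fn fn = NULL;
        for (size_t i = 0; i < sizeof backends / sizeof backends[0]; i++)
            if (strcmp(tok, backends[i].name) == 0) fn = backends[i].fn;
        if (!fn) return AUTH_FAIL;            /* unknown method name: refuse */
        int r = fn(user, password);
        if (r != AUTH_NOUSER) return r == AUTH_OK ? AUTH_OK : AUTH_FAIL;
    }
    return AUTH_FAIL;                         /* no method knew the user */
}

int main(void)
{
    printf("%d\n", authenticate("ldap pam sasl", "bob", "pam-pw"));
    printf("%d\n", authenticate("ldap pam sasl", "alice", "sasl-pw"));
    return 0;
}
```

A user who exists in an earlier store with a different password is rejected there and is not retried against later stores, so the order of methods in the configuration decides which store is authoritative for that user.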
