On Wed, 08 Aug 2001, David Wright spewed into the ether:
<snip>
> What exactly is the problem under consideration that (given the appropriate
> modules) PAM doesn't solve?
Just one, IMHO. PAM needs root access. Not what I like. cyrus runs as a
non root user. Kevin Menard has sent me a patch which will let cyrus
contact ldap directly (from what I've understood of it, not looked very
closely).
If I may make a design suggestion, why not have authentication totally
configurable? Let cmd_authenticate() take a parameter from the config
file which specifies the login method.
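cmd_authenticate() will roughly look like

    /* C cannot switch on strings, so the config value is mapped to an enum */
    enum auth_type { AUTH_LDAP, AUTH_PAM, AUTH_SASL };

    int cmd_authenticate(const char *user, const char *password,
                         enum auth_type auth_type)
    {
        int result = -1;
        switch (auth_type) {
        case AUTH_LDAP:
            result = auth_ldap(user, password);
            if (result != -1) break;
            /* fall through: user not found in ldap */
        case AUTH_PAM:
            result = auth_pam(user, password);
            if (result != -1) break;
            /* fall through: user not found in pam */
        case AUTH_SASL:
            result = auth_sasl(user, password);
            break;
        default:
            break; /* The user was not found here */
        } /* End switch */
        if (!result) return SUCCESS;
        else return FAILURE;
    }
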
Each auth_*() function returns a -1, 1 or a 0, 0 for success and 1 for
failure. User not found errors will be -1, allowing for fall through.
This will make it easier to add modules for authenticating from any
type of database.
Does this concept of a factory type of function make sense?
Devdas Bhagat
--
The more laws and order are made prominent, the more thieves and
robbers there will be.
-- Lao Tsu
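
Added example, not part of the original message: a table-driven version of the proposed dispatcher, using the 0 / 1 / -1 return convention described above. The backend stubs, their accounts and passwords are constructed for illustration; the point shown is that only "user not found" falls through, while an explicit failure or an unknown auth_type ends the attempt.

```c
#include <stdio.h>
#include <string.h>

enum { AUTH_OK = 0, AUTH_FAIL = 1, AUTH_NOUSER = -1 }; /* codes from the message */

typedef int (*auth_fn)(const char *user, const char *password);

/* Constructed stand-in backends: each one knows exactly one account. */
static int check(const char *u, const char *p, const char *ku, const char *kp)
{
    if (strcmp(u, ku) != 0) return AUTH_NOUSER;
    return strcmp(p, kp) == 0 ? AUTH_OK : AUTH_FAIL;
}
static int auth_ldap(const char *u, const char *p) { return check(u, p, "alice", "ldap-pw"); }
static int auth_pam(const char *u, const char *p)  { return check(u, p, "bob", "pam-pw"); }
static int auth_sasl(const char *u, const char *p) { return check(u, p, "alice", "sasl-pw"); }

/* Chain order; a new database type is one more row here. */
static const struct { const char *name; auth_fn fn; } backends[] = {
    { "ldap", auth_ldap }, { "pam", auth_pam }, { "sasl", auth_sasl },
};
#define NBACKENDS (sizeof backends / sizeof backends[0])

/* Returns 1 if authenticated, 0 otherwise. auth_type is the config-file value. */
int cmd_authenticate(const char *user, const char *password, const char *auth_type)
{
    size_t i = 0;

    /* Find the configured starting backend; an unknown name skips the loop below. */
    while (i < NBACKENDS && strcmp(backends[i].name, auth_type) != 0)
        i++;
    for (; i < NBACKENDS; i++) {
        int r = backends[i].fn(user, password);
        if (r == AUTH_OK) return 1;
        if (r != AUTH_NOUSER) return 0; /* failure or unexpected code: stop here */
    }
    return 0; /* user not found in any backend that was consulted */
}

int main(void)
{
    printf("bob via ldap chain: %d\n", cmd_authenticate("bob", "pam-pw", "ldap"));
    printf("alice, sasl password, ldap chain: %d\n",
           cmd_authenticate("alice", "sasl-pw", "ldap"));
    return 0;
}
```

Because "alice" exists in both the ldap and sasl stubs, the second call shows why a failure must not fall through: a password rejected by the first backend that knows the user is not retried against a later one.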