Hello,
Thanks to all who responded to this thread so far.
So, Do we agree that dante cannot be integrated as is into Solaris ?
TIA
Mayuresh
Nicolas Williams wrote:
> On Wed, Nov 19, 2008 at 12:40:01PM -0500, James Carlson wrote:
>
>> Nicolas Williams writes:
>>
>>> It's called embedded_su(1M) :)
>>>
>> I disagree. embedded_su was designed for applications that need to do
>> the equivalent of 'su', but that need to do it from within some
>> non-CLI environment. It's for the "click here and enter your admin
>> password" GUI bits.
>>
>> In this case, we're not trying to *become* that UID at all. We don't
>> care about the UID; it's irrelevant for the daemon. We care only
>> about authenticating a user *name*.
>>
>
> embedded_su can do that just fine, just tell it to exec /bin/true (or
> false) :)
>
> But yes, I see the point, and I'll raise that embedded_su already has
> much of the code you need to build an "authenticator daemon."
>
> If you're trying to say "authenticate non-Unix users via PAM" that's
> another story. In the past I've pushed that angle too, but it's never
> caught on, and at least one ARC member, IIRC, strongly believes that PAM
> is solely for *Unix user* authentication and not intended for
> authenticating other types of users.
>
> OTOH, I'm pretty sure that people have used Apache with mod_auth_pam to
> implement authentication of non-Unix users, and have done so
> successfully -- libpam itself doesn't care about what {PAM_SERVICE,
> PAM_USER} refers to, it only knows how to run PAM_SERVICE and the rest
> is up to the configuration for that service.
>
> Nico
>
