On Mon, Jul 21, 2025 at 12:47 PM Dominik George <n...@naturalnet.de> wrote:
>
> Hi,
>
> currently, the userdb system only allows querying for User Records and
> Group Records, hence providing a modern replacement for NSS.
>
> I would like to propose an addition to make it support authentication as
> well. The additions to the io.systemd.UserDatabase Varlink interface
> are:

I think at first you should describe the problem you want to solve, so that people have a chance to look, if your design solves the problem, if there are missing pieces, if it makes sense at all or if there isn't already a working solution?

And I'm not sure if combining a service providing user records with authentication is a good thing. These are two different things which have not much in common and make security only harder.

Yes, the PAM protocol is now 30 years old and it was designed for password authentication without knowing anything about SSO, 2FA or something similar. But this is also the advantage: since it is so old, everything out there in the world is supporting it.

If you come with a systemd only solution: there are also systems without systemd, and ISVs will not support two solutions. So whatever you plan, make sure it can be called by a PAM module.

Thorsten

--
Thorsten Kukuk, Distinguished Engineer, Senior Architect, Future Technologies
SUSE Software Solutions Germany GmbH, Frankenstraße 146, 90461 Nuernberg, Germany
Managing Director: Ivo Totev, Andrew McDonald, Werner Knoblich (HRB 36809, AG Nürnberg)