Re: [gentoo-dev] The Pluggable Hell - aka Linux-PAM and non-linux gentoos

[Diego \"Flameeyes\" Pettenò]

On Monday 28 March 2005 16:18, Luca Barbato wrote:
> Let's replace it or fix pam-stack to work on openpam.
Ok a bit of an update on this, as me and Luca talked about it on #gentoo-dev..
Removing pam_stack in favour of classical unix authentication can be 
considered a regression, so we need an alternative.

Luca also found a mailing list message[1] of Dmitry V. Levin of AltLinux, 
which refers to the include feature in openpam[2], and a patch to linux-pam 
to support the same inclusion scheme.
That message also refers to debian way of thinking this pluggable hell, but I 
don't know too much about it.

The solution could be of implementing pam_stack on openpam, and include on 
linux-pam, to have them working flawlessy, but imho this is too much an 
overhead, just implementing include on linux-pam and fixing the pam 
configuration files to use it could be simpler.
I'll help as far as I can if this is needed, just I need a bit of time to see 
exactly how this is used.

Still, i do think that having a virtual/pam is needed if we want to support 
more than one pam implementation.

For who wants to take a look to pam internals, it's described by OpenGroup's 
RFC 86.0 [3].

[1] http://archives.neohapsis.com/archives/pam-list/2003-09/0036.html
[2] http://sourceforge.net/project/shownotes.php?release_id=171575
[3] http://www.opengroup.org/tech/rfc/rfc86.0.html
-- 
Diego "Flameeyes" Pettenò
http://wwwstud.dsi.unive.it/~dpetteno/

pgp0mJ545EBIT.pgp
Description: PGP signature