Well...
I've looked at RFC-86.0 (gotta love Netscape's Net-Search!), and I've
pulled down Theodore Ts'o's work. And it does look like the PAM API
will make it easy for authoring of new (yet uninvented) authentication
modules that work with existing services (like dtlogin)...
The bad news is this: Theodore Ts'o's work is a backend library for
PAM. One could use it as a model for PAM, or one could use it to
design a PAM compatible application, but it will not (naturally) add
PAM to existing systems. Individual applications (like dtlogin) need
to written to conform to PAM before PAM will be useful to them.
So with all this talk of PAM on Solaris I started to poke around
are 2.4 and 2.5 systems, looking for /usr/include/security/pam*.h
and looking in the symbol tables for various libraries such as libauth.
It appears that Solaris already has something *sort* of like pam, but
not as full-featured (no way to configure it except by replacement of
the libraries, as far as I can see). It DOES NOT include any support
for PAM, however -- at least in the current release of CDE/Solaris 2.5.
We can hope that this will appear in the next version of CDE/Solaris, but
we are probably SOL until then, unless someone has a source license
to CDE... :^)
So now I am on track B. I am considering writing something that would
look and behave very much like the Motifish dtlogin (including support
for multiple X session files), basing it upon vanilla X11R6 xdm. Anyone
else interested in such a project? If I do such a thing, I'd like to
make the source freely available, assuming QUALCOMM will let me. :^)
But if someone knows more about when PAM might be available from Sun
(i.e. soon), then maybe I should just wait. I don't want to wait a
year for this, though... (I'll probably write a Motifish dtlock clone
while I'm at it -- again basing my work on xlock, as did dtlock, I am
sure.)
Oh, one other benefit of writing my own: I can provide a consist login
screen for all of my architectures: Solaris, SunOS, HP-UX (9 & 10), IRIX,
Linux, BSDI...
-- Garrett
On Thu, 25 Jul 1996 19:12:14 -0700 (PDT) [EMAIL PROTECTED] wrote:
> Garrett D'Amore writes:
> > Hmmm....
> >
> > I am very willing to work on getting preliminary PAM stuff done, and
> > I would at least like to do this for our site. Is it possible to get
> > info on what the hooks are, and what symbols need to be defined by
> > the libraries, etc? Or does one need a site source license from Sun...
> > (I hope not!) If someone has some stuff already implemented that would
> > work as well, I'd be happy to test it out, debug, add functionality,
> > whatever. This is a very hot issue at our site.
> >
>
> You can try contacting Vipin Samar at Sun ([EMAIL PROTECTED]) to see
> if you can get on the 2.6 beta program. Other then that, you might want
> to track down the Linux free-PAM port and also look at the OSF DCE
> RFC on PAM (86.0 if I recall correctly). I was also talking with someone
> from Sun at the USENIX Security conference today and they thought
> that a version of CDE with PAM in it was shipping. I'm not sure if
> the programming interface is exposed in the CDE version or if they are
> waiting for the 2.6 release. There will be a full set of PAM man pages
> included with 2.6 as well as a sample PAM module. The Linux PAM project
> might already have the PAM man pages...
>
> roland
>
