Raju Mathur forced the electrons to say:
> 1.  It'd be simpler to stick to LDAP since that is likely to remain as
> a standard for user-type databases.  Most protocol implementations
> (e.g. SMTP, POP3, IMAP4, HTTP, PAM, etc) handle LDAP authentication
> out of the box.  The same is not true of PgSQL or MySQL (or any other
> SQL implementation).

AFAICT, most protocol implementations (indeed, most software that involves
user authentication) nowadays use PAM to authenticate users. If you have
the pam_ldap module, you can authenticate via an LDAP directory, if
you have pam_pgsql, via a PGSQL database, and (the yet to be written)
pam_dna_fingerprint to authenticate using DNA fingerprints. The
application needn't be aware of the method used to authenticate users.

The problem, I guess, occurs when you try to add/remove a user. But then
again, even with pam_pwdb, one still has to run useradd(8) and friends
to do the same.

> 3.  Do have a look at VishwaKarma.  It does most of the things you
> want, using LDAP.  Version 2 is in the works, and I'd be happy if
> someone can spend some time to help me finish it and locate some basic
> packages which I can steal and put into VishwaKarma.

I am not sure how well PAM works with Perl, but I do urge you to
investigate the feasibility of using it in VK for authentication, so
that the user is not tied to just one method. Even if it involves the
use of an extra program (like in Squid), it is my opinion that this
would go a long way in improving ease of use and robustness (maybe you
can just reuse pam_auth.c from Squid with just minor changes).

Binand


----------------------------------------------
Find out more about this and other Linux India 
mailing lists at http://lists.linux-india.org/
