Hi Binand,

>>>>> "Binand" == Binand Raj S <[EMAIL PROTECTED]> writes:

    Binand> Raju Mathur forced the electrons to say:
    >> 1.  It'd be simpler to stick to LDAP since that is likely to
    >> remain as a standard for user-type databases.  Most protocol
    >> implementations (e.g. SMTP, POP3, IMAP4, HTTP, PAM, etc) handle
    >> LDAP authentication out of the box.  The same is not true of
    >> PgSQL or MySQL (or any other SQL implementation).

    Binand> AFAICT, most protocol implementations (indeed, most
    Binand> software that involves user authentication) nowadays use
    Binand> PAM to authenticate users. If you have the pam_ldap
    Binand> module, you can authenticate via an LDAP directory, if you
    Binand> have pam_pgsql, via a PGSQL database, and (the yet to be
    Binand> written) pam_dna_fingerprint to authenticate using DNA
    Binand> fingerprints. The application needn't be aware of the
    Binand> method used to authenticate users.

    Binand> The problem I guess occurs when you try to add/remove a
    Binand> user. But then again, even with pam_pwdb, one still has to
    Binand> run useradd(8) and friends to do the same.

PAM is good, but not so hot in a virtual hosting scenario.  I agree
that one could use PAM for most stuff, but for VishwaKarma I find it
easier to use LDAP direct, without having to go through contortions to
get PAM to accept and authenticate using proprietary schemas.

    >> 3.  Do have a look at VishwaKarma.  It does most of the things
    >> you want, using LDAP.  Version 2 is in the works, and I'd be
    >> happy if someone can spend some time to help me finish it and
    >> locate some basic packages which I can steal and put into
    >> VishwaKarma.

    Binand> I am not sure how well PAM works with perl, but I do urge
    Binand> you to investigate the feasibility of using it in VK for
    Binand> authentication, so that the user is not tied to just one
    Binand> method. Even if it involves the use of an extra program
    Binand> (like in squid), it is my opinion that this would go a
    Binand> long way in improving ease of use and robustness (maybe
    Binand> you can just reuse pam_auth.c from squid with just minor
    Binand> changes).

Uh, actually it's not the robustness and ease of use I'm concerned
about -- those exist anyway as far as I know.  VishwaKarma has been
working without problems on multiple servers for over 6 months, with
zero or minimal tech support :-)

Regards

-- Raju

    Binand> Binand
-- 
Raju Mathur          [EMAIL PROTECTED]           http://kandalaya.org/

----------------------------------------------
The mailing list archives are available at
http://lists.linux-india.org/cgi-bin/wilma/linux-india-help
