On Wed, Nov 19, 2008 at 08:32:42AM -0800, Garrett D'Amore wrote:
> This problem (one of multiple credential databases, and separation of 
> account namespaces, or at least credential details, into different 
> databases) sounds like one of the areas where we (Sun/Solaris) can 
> innovate.  Right now there is a vacuum here, and so projects are faced 
> with either inventing their own, or using the system credentials.
> 
> The idea of using PAM infrastructure seems like a good one to me.  But 
> designing a full framework that allows for multiple authentication dbs 
> is something that might not be trivial.

Use of PAM needs to be optional.  There's no reason that the user base
for any service or instance thereof needs to be the same as the Unix
user base for the host running that service/instance.

For Internet-facing services which aren't edge services for internal
users, the need is usually to authenticate identities which bear little
or no resemblance to the Unix user base on the hosts providing the
service.

Nico
-- 
