On Thu, 6 Sep 2001, Orlando Andico wrote:
> On Thu, 6 Sep 2001, Orlando Andico wrote:
> ..
> > Errr... pam and nss are two different things. Jijo can't even get nss to
> > work, something's screwed right there.
> >
> > Example: nss provides things like getpwuid() getpwnam() getspent()
> > endspent() etc etc etc.
> >
> > PAM is just for authentication.
>
> For example, to let sendmail deliver mail, all you need is NSS. Why?
> because sendmail just checks for a local user, it doesn't need to
> authenticate.
>
> If you install a POP3 server that is NOT PAM-ified, you can work right
> there, no need for PAM -- the POP3 server just does a getpwnam() and gets
> back a result. So long as it doesn't try to grok files in /etc itself,
> this will be transparent. I got qpopper working that way on Solaris.
>
> PAM is ugly. I was subscribed to [EMAIL PROTECTED] for a long time
> because I was trying to write a PAM Oracle module. Lots of moaning and
> groaning. =\
On the contrary, i've been hacking at a certain pam_mysql module in
sourceforge. Added lots of nifty stuff like auto-sensing crypt and
crypt-md5 passwords [this is needed if you want to migrate existing
passwords], and got it to work too.

With a mysql-based pam, i was able to centralize authentication to those
programs using pam [pop, imap, squid proxy-auth, apache], and with
saslauthd/pam i was able to use the same user database to serve cyrus-imap
auth requests. Proftpd has built in mysql support, and so does postfix
(aliases table, etc). With this solution i can move every user, _and_ his
attributes over to a mysql database, which is really nifty if i ever need
to integrate it with some sort of accounting and billing system -> read:
no more ldap provisioning, no more pesky uids!

Now my next projects are: getting samba passwords to use this system, and
putting it all together in a custom distro!
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
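The "auto-sensing crypt and crypt-md5 passwords" step mentioned in the message above, sketched as an added example; it is not part of the original post and is not code from pam_mysql. It classifies a stored hash by shape alone, which is also how a migration audit can count the legacy DES entries still in a user table. The function and enum names are hypothetical, and the sample strings are constructed to have the right shape, not real hashes.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names for this example; not taken from pam_mysql. */
enum crypt_scheme { SCHEME_UNKNOWN = 0, SCHEME_DES_CRYPT, SCHEME_MD5_CRYPT };

/* Length of the leading run of crypt(3) alphabet characters [./0-9A-Za-z]. */
static size_t b64_run(const char *s)
{
    return strspn(s, "./0123456789"
                     "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                     "abcdefghijklmnopqrstuvwxyz");
}

/* Classify a stored hash by its shape only; nothing is hashed or verified. */
enum crypt_scheme sense_crypt_scheme(const char *stored)
{
    if (stored == NULL)
        return SCHEME_UNKNOWN;
    if (strncmp(stored, "$1$", 3) == 0) {
        /* MD5-crypt: "$1$" salt "$" digest; salt assumed <= 8 alphabet chars. */
        const char *salt = stored + 3;
        size_t salt_len = b64_run(salt);
        if (salt_len > 8 || salt[salt_len] != '$')
            return SCHEME_UNKNOWN;
        const char *digest = salt + salt_len + 1;
        if (b64_run(digest) == 22 && digest[22] == '\0')
            return SCHEME_MD5_CRYPT;
        return SCHEME_UNKNOWN;
    }
    /* Traditional DES crypt: exactly 13 chars (2 salt + 11 digest). A 13-char
       plaintext from the same alphabet is indistinguishable by shape. */
    if (strlen(stored) == 13 && b64_run(stored) == 13)
        return SCHEME_DES_CRYPT;
    /* Empty, locked ("!", "*"), plaintext, or some other "$id$" scheme. */
    return SCHEME_UNKNOWN;
}

int main(void)
{
    /* Constructed sample values: correct shape only, not real hashes. */
    const char *samples[] = { "abCDEFGHIJKLM",
                              "$1$saltsalt$ABCDEFGHIJKLMNOPQRSTUV", "!" };
    const char *names[] = { "unknown", "des-crypt", "md5-crypt" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-36s %s\n", samples[i], names[sense_crypt_scheme(samples[i])]);
    return 0;
}
```

Entries that come back as unknown should be rejected or flagged rather than compared as plaintext.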