[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Devel] Re: Transition: new PAM config file handling in unstable

To: Steve Langasek <vorlon@xxxxxxxxxxxxxx>
Subject: Re: [Devel] Re: Transition: new PAM config file handling in unstable
From: Petter Reinholdtsen <pere@xxxxxxxxxx>
Date: 24 Aug 2003 18:43:48 +0200
Cc: devel@xxxxxxxxxxxxx, hartmans@xxxxxxxxxx
In-reply-to: <20030823192341.GD2185@quetzlcoatl.dodds.net>
List-archive: <https://init.linpro.no/pipermail/skolelinux.no/devel/>
List-help: <mailto:devel-request@skolelinux.no?subject=help>
List-id: <devel.skolelinux.no>
List-post: <mailto:devel@skolelinux.no>
List-subscribe: <https://init.linpro.no/mailman/skolelinux.no/listinfo/devel>, <mailto:devel-request@skolelinux.no?subject=subscribe>
List-unsubscribe: <https://init.linpro.no/mailman/skolelinux.no/listinfo/devel>, <mailto:devel-request@skolelinux.no?subject=unsubscribe>
References: <20030821033758.GA30831@quetzlcoatl.dodds.net> <2fl4r08cpvr.fsf@saruman.uio.no> <20030823192341.GD2185@quetzlcoatl.dodds.net>
Reply-by: Tue, 1 Jan 1801 04:37:40 +1000
Sender: devel-admin@xxxxxxxxxxxxx
User-agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/21.2

[Steve Langasek]
> I'm fairly certain that neither Sam nor I would have the time to
> work on this piece ourselves before sarge's release, but if you're
> able to prepare a suitable tool for managing authentication choices,
> it's possible it could still be considered for inclusion in sarge.

It will need to be designed first, so we better get started. :)

As I see it, there are at least these issues here:

 - setting in NSS selection order (/etc/nsswitch.conf)
 - setting up PAM selection order (/etc/pam.d/*)
 - setting in the module specific config (like /etc/pam_ldap.conf,
   /etc/libnss-ldap.conf and /etc/yp.conf).

I am not sure if this is enough, and how much flexibility the system
should provide.  Should the user just select files, NIS, LDAP,
Kerberos, SMB, and this will enable a fixed configuration, or should
the user be able combine at will, and a reasonable configuration be
generated?  I believe the first option is most useful to new users and
first time installs.

Skolelinux can provide a set of working configuration files for LDAP.

References:
- [Devel] Re: Transition: new PAM config file handling in unstable
  - From: Petter Reinholdtsen
- [Devel] Re: Transition: new PAM config file handling in unstable
  - From: Steve Langasek

Prev by Date: [Devel] [Bug 420] Bugzilla Component field must be translated to english
Next by Date: [Devel] New Skolelinux CD image prerelease 40 (pr40)
Previous by thread: [Devel] Re: Transition: new PAM config file handling in unstable
Next by thread: [Devel] [Bug 445] New: kdm does not honour shadowAccount
Index(es):
- Date
- Thread