Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-dev
Navigation:
Lists: gentoo-dev: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: <gentoo-dev@g.o>
From: "Paul de Vrieze" <gentoo-user@...>
Subject: Re: User authentication ideas
Date: Mon, 14 Apr 2003 17:25:49 +0200 (CEST)
> I've recently been busying myself setting up Kerberos/LDAP directory
> to provide a NIS like authentication system for my small LAN (hopefully
> allowing single sign on at some point in the near future).
>
> What I have found is that it is currently quite a big job to get all of
> this sorted on a Gentoo server, and even when it's all running, it doesn't
> play nicely with portage (or rather, there are some ebuilds that don't
> play nicely with NIS like systems).
>
> The main problems I've found are that some ebuilds grep /etc/passwd to see
> if a specific user exists on the system, and then go and add the
> user/group with the useradd/groupadd commands.  Obviously, this doesn't
> work for users whose credentials are stored somewhere other than
> /etc/passwd.
>
> What I would like to propose is some sort of virtual package, maybe
> virtual/auth. The standard /etc/{passwd,group,shadow} authentication
> mechanism should be retained as the default (maybe call it auth-files or
> auth-shadow).  The key thing here though, is that each package that
> provides virtual/auth must provide a user{add,del} and group{add,del}
> command (maybe useradd.packagename, etc. with symlinks to
> /sbin/useradd).
>
> I am quite prepared to put some effort in to putting together a
> sys-auth/krb5-ldap ebuild, but there will need to be some coordination. It
> would be nice to be able to offer some sort of tool to switch between
> authentication mechanisms, a la RedHat authconfig.
>
> Can anybody see any problems, advantages, disadvantages, glaring issues in
> what I'm suggesting?
>

I think this is a good idea although problems could arise when
authentication is necessary to allow adding users. (maybe a list of
pending modifications could be used). I don't see that much the virtue of
authconfig, but it if a user-list method is provided together with a
user-insert/mod method, then switching should be possible (be wary of not
automatically converting certain system users)

Paul

-- 
Paul de Vrieze
Researcher
Mail: pauldv@...
Homepage: http://www.devrieze.net




--
gentoo-dev@g.o mailing list

Navigation:
Lists: gentoo-dev: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Kernel compiling respecting CFLAGS
Next by thread:
Error
Previous by date:
Kernel compiling respecting CFLAGS
Next by date:
Re: Kernel compiling respecting CFLAGS


Updated Jun 17, 2009

Summary: Archive of the gentoo-dev mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.