Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-dev
Navigation:
Lists: gentoo-dev: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: <gentoo-dev@g.o>
From: <gdjohn@...>
Subject: User authentication ideas
Date: Mon, 14 Apr 2003 16:15:29 +0100 (BST)
I've recently been busying myself setting up Kerberos/LDAP directory to
provide a NIS like authentication system for my small LAN (hopefully
allowing single sign on at some point in the near future).

What I have found is that it is currently quite a big job to get all of
this sorted on a Gentoo server, and even when it's all running, it doesn't
play nicely with portage (or rather, there are some ebuilds that don't
play nicely with NIS like systems).

The main problems I've found are that some ebuilds grep /etc/passwd to see
if a specific user exists on the system, and then go and add the
user/group with the useradd/groupadd commands.  Obviously, this doesn't
work for users whose credentials are stored somewhere other than
/etc/passwd.

What I would like to propose is some sort of virtual package, maybe
virtual/auth. The standard /etc/{passwd,group,shadow} authentication
mechanism should be retained as the default (maybe call it auth-files or
auth-shadow).  The key thing here though, is that each package that
provides virtual/auth must provide a user{add,del} and group{add,del}
command (maybe useradd.packagename, etc. with symlinks to /sbin/useradd).

I am quite prepared to put some effort in to putting together a
sys-auth/krb5-ldap ebuild, but there will need to be some coordination. It
would be nice to be able to offer some sort of tool to switch between
authentication mechanisms, a la RedHat authconfig.

Can anybody see any problems, advantages, disadvantages, glaring issues in
what I'm suggesting?

Cheers,

Gareth.




--
gentoo-dev@g.o mailing list

Navigation:
Lists: gentoo-dev: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
opt-in distributed portage network
Next by thread:
Kernel compiling respecting CFLAGS
Previous by date:
Re: Is there a process for marking ebuilds stable?
Next by date:
Kernel compiling respecting CFLAGS


Updated Jun 17, 2009

Summary: Archive of the gentoo-dev mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.