1 |
On Monday 28 March 2005 16:18, Luca Barbato wrote: |
2 |
> Let's replace it or fix pam-stack to work on openpam. |
3 |
Ok a bit of an update on this, as me and Luca talked about it on #gentoo-dev.. |
4 |
Removing pam_stack in favour of classical unix authentication can be |
5 |
considered a regression, so we need an alternative. |
6 |
|
7 |
Luca also found a mailing list message[1] of Dmitry V. Levin of AltLinux, |
8 |
which refers to the include feature in openpam[2], and a patch to linux-pam |
9 |
to support the same inclusion scheme. |
10 |
That message also refers to debian way of thinking this pluggable hell, but I |
11 |
don't know too much about it. |
12 |
|
13 |
The solution could be of implementing pam_stack on openpam, and include on |
14 |
linux-pam, to have them working flawlessy, but imho this is too much an |
15 |
overhead, just implementing include on linux-pam and fixing the pam |
16 |
configuration files to use it could be simpler. |
17 |
I'll help as far as I can if this is needed, just I need a bit of time to see |
18 |
exactly how this is used. |
19 |
|
20 |
Still, i do think that having a virtual/pam is needed if we want to support |
21 |
more than one pam implementation. |
22 |
|
23 |
For who wants to take a look to pam internals, it's described by OpenGroup's |
24 |
RFC 86.0 [3]. |
25 |
|
26 |
[1] http://archives.neohapsis.com/archives/pam-list/2003-09/0036.html |
27 |
[2] http://sourceforge.net/project/shownotes.php?release_id=171575 |
28 |
[3] http://www.opengroup.org/tech/rfc/rfc86.0.html |
29 |
-- |
30 |
Diego "Flameeyes" Pettenò |
31 |
http://wwwstud.dsi.unive.it/~dpetteno/ |