Re: CALL for PAM support

[Ben Collins <bcollins@debian.org>]

On Sat, May 22, 1999 at 05:56:32PM -0400, Adam Di Carlo wrote:
> >>>>> "BenC" == Ben Collins <collinbm@djj.state.va.us> writes:
>
> BenC> This is just a little reminder concerning PAMification of
> BenC> potato. I want to urge all maintainers who's programs do any
> BenC> sort of authentication or account management to seek PAM patches
> BenC> (or just enabling PAM if the program already supports it).
>
> I fully agree.  I suggest that someone file Important bugs on *core*
> non-compliant packages.  By core, I mean stuff like useradd, adduser,
> login, telnet, ftp, etc.  The 2nd tier, which maybe is unrealistic for
> potato, is that all daemons include PAM support, that is, pop server,
> sshd, etc.

useradd and adduser (and similar tools) are shadow centric and don't
need (or can't really be made) to support PAM. For instance they don't
support NIS directly, nor LDAPns.

> Does PAM support also affect web servers?  Can someone talk to us
> about this aspect?

There is a libapache-mod-pam, which enables apache auth using PAM
modules, already packaged. It has some drawbacks due to permissions
(apache runs as www-data so it cannot access /etc/shadow). This can't
be avoided however.

--
-----    -- - -------- --------- ----  -------  -----  - - ---   --------
Ben Collins <bcollins@debian.org>                        Debian GNU/Linux
OpenLDAP Dev - bcollins@openldap.org     The Choice of the GNU Generation
------ -- ----- - - -------   ------- -- ---- - -------- - --- ---- -  --