
Re: module utility library [Was: Re: ... pam limits drops privileges]



There is a long list of things that seem to be common. I have no issue
with pursuing such a common function library.

My only concern is that we don't cross the line of adding new
communication channels between modules and applications. The
pluggability of the current library will break if we do the wrong thing
there. Ideally, it would be nice if a module developer could write a
module using the proposed library that would be useable on a Solaris PAM
system.

My personal preference would be for a '.a' library that gets built as
part of the Linux-PAM build and then as the modules are built, they link
in the relevant functions from that. This will help minimize
backward/forward compatibility issues and help folk minimize the number
of 'pam' files they have to have on their system.

Finally, I don't see this sort of change as a 'major release' sort of
thing.

Cheers

Andrew

> >It seems that we should strongly consider introducing some sort of library
> >of module support functions, that individual modules could use, instead of
> >having to replicate them.  This would greatly ease module maintenance and
> >would also assist development of new functionality (both of new modules
> >and within existing modules).
> 
> FreeBSD has done a fair bit of work to eliminate wasted code. For
> example there is code to parse the standard PAM options (try_first_pass,
> for example) as well as user-defined options. Well worth integrating
> into PAM, it would make my life easier too as I wouldn't have to
> track both Linux-PAM and FreeBSD PAM for the Darwin port!
> 
> One thing, however, having written a lot of PAM modules for Darwin,
> is that I've replicated the password-changing conversation dance
> several times for different modules (NetInfo, AFP, NIS, etc). That's
> one thing that should be put in a library, but is tricky because it
> requires callbacks to authenticate a user as well as actually
> changing their passwords, and different authentication systems handle
> password changing policies differently.
> 
> cheers,
> 
> -- Luke
> 
> --
> Luke Howard | lukehoward.com
> PADL Software | www.padl.com
> 




