[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: module utility library [Was: Re: ... pam limits drops privileges]



On Fri, 14 Sep 2001, Andrew Morgan wrote:

> There are a long list of things that seem to be common. I have no issue
> with pursuing such a common function library.

Thanks for a favourable response to this idea.

> My only concern is that we don't cross the line of adding new
> communication channels between modules and applications. The
> pluggability of the current library will break if we do the wrong thing
> there. Ideally, it would be nice if a module developer could write a
> module using the proposed library that would be useable on a Solaris PAM
> system.

Definitely agreed!  We must ensure portability to UNIX systems with their
own PAM implementations.  Implicit in my suggestion is that the API
(shared across all these implementations) remains unchanged: we are simply
talking about internal (inside the modules) code re-useability.  (Our own
site is Solaris...)

> My personal preference would be for a '.a' library that gets built as
> part of the Linux-PAM build and then as the modules are built, they link
> in the relevant functions from that. This will help minimize
> backward/forward compaitibility issues and help folk minimize the number
> of 'pam' files they have to have on their system.

There is an argument for the possibility of a ".so" library.  (But don't
let that distract us at the moment, nor the wider question of "libtool"!) 

> Finally, I don't see this sort of change as a 'major release' sort of
> thing.

OK.  (I had suggested "major" simply because this was more than a trivial
isolated-within-a-module patch...)

The initial, and very real, hurdle would seem to be putting the initial
structure in place in CVS. 

Andrew: is there any possibility that you, as CVS chief, could set the
ball rolling, perhaps using one or more of "_pam_log()", "converse" and
"make_remark()" as an example?  That then gives us a real foundation
for our own further suggestions and experiments.

(My own chief interest, by the way, is the "pam_cracklib" module, which is
basically a "pam_sm_chauthtok()" subroutine.)

Hope that helps.

-- 

:  David Lee                                I.T. Service          :
:  Systems Programmer                       Computer Centre       :
:                                           University of Durham  :
:  http://www.dur.ac.uk/t.d.lee/            South Road            :
:                                           Durham                :
:  Phone: +44 191 374 2882                  U.K.                  :





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []