[19754] in Kerberos
Re: which krb5 PAM module on Solaris 8?
daemon@ATHENA.MIT.EDU (Brian Davidson)
Mon Aug 4 11:51:20 2003
Date: Mon, 04 Aug 2003 11:46:32 -0400
From: Brian Davidson <bdavids1@gmu.edu>
In-reply-to: <Pine.LNX.4.44.0308032156170.31791-100000@u1055693.ul.warwick.net>
To: kerberos@mit.edu
Message-id: <D24C104C-C692-11D7-9631-000393CCB774@gmu.edu>
MIME-version: 1.0
Content-type: text/plain; charset=US-ASCII; format=flowed
Content-transfer-encoding: 7BIT
Errors-To: kerberos-bounces@mit.edu
Why not use nsswitch for authorization? I'm assuming it's available on
Solaris since Sun developed it (I don't have any Solaris boxes at the
moment). Basically all password file lookups are redirected to LDAP
via nss_ldap. It seems to me that authentication is best left to PAM,
while authorization is better handled by a hook into the system calls
that are used for authorization (i.e. what nsswitch does).
Brian
On Sunday, August 3, 2003, at 10:09 PM, Jason Prondak wrote:
>
> As for the ldap stuff. Why not the pam_ldap supplied by SUN?
>
> --jason
>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
