authentication
Charlie Brady
cbrady at ind.tansu.com.au
Mon Oct 27 12:20:01 GMT 1997
On Fri, 24 Oct 1997, Luke Kenneth Casson Leighton wrote:
> On Fri, 24 Oct 1997, Leslie Mikesell wrote:
>
> > I know the domain authentication business is pretty new, but are
> > there any plans to integrate it with anything beyond windows clients?
> > That is, could I someday hope to have a single password file and
> > server and validate everything against it through combinations of
> > PAM/radius/CHAP/PAP/LDAP/NIS+ or something not invented yet?
>
> i'm going to say yes. but it depends on whether someone does any work on
> this or not. i'm currently working on smbclient, so that i can test
> smbd, and also so that it will be relatively simple for someone to write
> a PAM for linux.
To answer Leslie's question in a different way, and in fact to restate
the question:
> > That is, could I someday hope to have a single password file and
> > server and validate everything against it through combinations of
> > radius/CHAP/PAP/LDAP/NIS+ or something not invented yet?
Yes, this is precisely the intention of PAM - to move the authentication
code out of applications which require authentication, and leave behind
hooks into a programmable authentication subsystem. Then you can have one
or more authentication databases, as you wish, without the applications
being modified. PAM exists for Linux (www.kernel.org/pub/linux/libs/pam/)
and Solaris, and might be on the way for FreeBSD. It's designed to be a
portable standard.
Getting back to the original question, PAM is not another alternative to
radius/CHAP/ etc, but a nice unifying way of using all those from
applications. A PAM module for LDAP especially welcome, I would guess.
Ditto for ports to other platforms.
Charlie Brady - Telstra |internet: cbrady at ind.tansu.com.au
Network Products |Snail : Locked Bag 6581, GPO Sydney 2001 Australia
Platform Technologies |Physical : Lvl 2, 175 Liverpool St, Sydney 2000
IN-Sub Unit - Sydney | Phone: +61 2 9206 3470 Fax: +61 2 9281 1301
More information about the samba
mailing list