From: (no name) (no email)
Date: Wed Aug 08 2001 - 18:52:49 EDT
> > What exactly is the problem under consideration that
> > (given the appropriate modules) PAM doesn't solve?
>
> Just one, IMHO. PAM needs root access.
Interesting that your one problem is different from Lawrence
Greenfeld's.
PAM only needs root access if it's authenticating off /etc/shadow. Few
medium-to-large scale operations today distribute passwords via NIS to
shadow files. Most, like mine, use LDAP, and you can authenticate off
an LDAP database without being root. For a very secure setup, hash the
passwords in the LDAP database (gives shadow-like security) and grant
compare access to your client machines (allows them to authenticate
without even read access).
|
|
|