[JDEV] mod_auth_pam [was: mod_auth_crypt]
Fabien Ninoles
fabien at Nightbird.Dynamic.TZoNE.ORG
Mon Aug 6 23:42:52 CDT 2001
On Tue, Aug 07, 2001 at 10:39:47AM +1000, Robert Norris wrote:
> > So, now, I will look to register and authenticate directly against the
> > /etc/passwd file of the server. Must be easier than LDAP ;)
>
> Except that if the system is using shadow passwords, the crypted password
> will be in /etc/shadow and only root can get at it. Also, some systems
> (eg mine :P ) are using MD5 for passwords instead of crypt.
That's what I aim, and simply a comparaison, is too simple for the
challenge (mod_auth_crypt already help me to do the check) and most
system are now either MD5 (except for some NIS) and at least shadowed,
so I prefer not. I just have to learn how to use libpam :)
mod_auth_crypt just encrypt the password to not save it in clear in the
username xdb file (whatever it is). Is intend has a in-place
replacement of mod_auth_plain. However, as I said, mod_auth_digest need
the clear text password and so, can't be use with it. But I find (and
it's just a personal taste) more secure mod_auth_crypt+ssl instead of
mod_auth_digest. Just a question of choice.
> Has anyone done any work on a mod_auth_pam? Ooh, interesting code idea.
> I need a new project ;)
I don't care much if we duplicate our work a little; Learning pam is something I
want to do for a long time now. BTW, using pam aren't allow us to use
any kind of authentification allowed by PAM? Including all the config
options? I think the only trouble will be with mod_registry who will
need to authenticate first before registering the new user.
It will be cool if the user doesn't exist to have an option letting the
user fill a form so that the information is sent to the admin for latter
processing. Can be great (and could also be done for the standard
mod_registry with new user). Don't know if the jabber protocol support
such thing.
>
> Regards,
> Rob.
Have a good day/night,
Fabien
--
fabien at tzone.org http://www.tzone.org/~fabien
GPG KeyID: C15D FE9E BB35 F596 127F BF7D 8F1F DFC9 BCE0 9436
More information about the JDev
mailing list