From: Diego "Flameeyes" Pettenò
To: gentoo-dev@robin.gentoo.org
Subject: [gentoo-dev] The Pluggable Hell - aka Linux-PAM and non-linux gentoos
Date: Mon, 28 Mar 2005 15:46:30 +0200

Hi,
as I've already posted on the gentoo-bsd mailing list[1], I'm trying to get gentoo/fbsd to behave the same as gentoo/linux wrt pam stuff.

The main problem is that g/fbsd and g/linux use two different pam implementations: Linux-PAM and OpenPAM.

Even if PAM should be quite standard, most linux distributions (gentoo included) ship Linux-PAM with some added modules, one of which (pam_stack) is useful to avoid copy-and-pasting pam configuration files for different services, using the same authentication methods of another service (usually system-auth).

This is useful, as it allows changing a single configuration file to get all the services to use a defined authentication scheme, but it has a big drawback: it's not portable, as it depends on the internal structure of the Linux-PAM library.

If this could be acceptable for a linux-only distribution, with gentoo the problem is quite serious.

Ok, we could switch g/fbsd to use Linux-PAM, as Linux-PAM is multiplatform, in spite of its name, but this won't fix the problem, as g/osx would have the same problem: macosx's pam implementation is compatible with openpam, linuxpam and so on, but it doesn't support pam_stack.

Now, the solution to that is quite simple: just don't use pam_stack, and convert all the pam configuration files to duplicate the default system-auth authentication scheme. If someone needs to change the way system-auth works, adding ldap, samba or something like that for authentication, they should also be able to change the other needed services, such as sshd, ftpd, pop3 and imapd stuff.

This is not the only thing needed to fix everything up. All the packages which depend on sys-libs/pam should be changed, as g/fbsd, g/osx and other g/non-linux can have other implementations of pam. My suggestion is adding a virtual/pam which could be used, so that g/osx will provide it directly, g/fbsd could provide it via its own packages (or using an openpam package, which could be used on linux, too), and linux can still use sys-libs/pam.

Also, it could be better to rename sys-libs/pam to sys-libs/linux-pam: even if the name isn't restrictive, that's the right name for it: it's not "The PAM".

[1] http://news.gmane.org/gmane.linux.gentoo.bsd

-- 
Diego "Flameeyes" Pettenò
http://wwwstud.dsi.unive.it/~dpetteno/

-- 
gentoo-dev@gentoo.org mailing list
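
An added example, not part of the original message or of any Gentoo tooling: a Python sketch of the conversion proposed above, replacing each pam_stack line in a service file with the matching-type lines of the referenced service. The function name, the sample files and the review warnings are assumptions of this example.

```python
import re

# Matches "<type> <control> [path/]pam_stack.so ... service=<name>" (Linux-PAM's pam_stack).
STACK_RE = re.compile(
    r"^\s*(auth|account|password|session)\s+(\S+)\s+(?:\S*/)?pam_stack\.so\b.*?\bservice=(\S+)")

def inline_pam_stack(service, configs, seen=()):
    """Return (lines, warnings) for configs[service] with pam_stack lines inlined."""
    if service in seen:
        raise ValueError("pam_stack loop through " + service)
    lines, warnings = [], []
    src = configs[service].splitlines()
    for i, line in enumerate(src):
        m = STACK_RE.match(line)
        if not m:
            lines.append(line)
            continue
        mtype, control, target = m.groups()
        sub, sub_warn = inline_pam_stack(target, configs, seen + (service,))
        picked = [l for l in sub if l.split()[:1] == [mtype]]
        lines.extend(picked)
        warnings.extend(sub_warn)
        if control != "required":
            warnings.append(f"{service}: {mtype} stack was '{control}', not preserved")
        # Assumption flagged for manual review: once inlined, a 'sufficient'
        # success ends the whole stack, so later same-type modules may not run.
        later = [l for l in src[i + 1:] if l.split()[:1] == [mtype]]
        if later and any(l.split()[1:2] == ["sufficient"] for l in picked):
            warnings.append(f"{service}: {mtype} 'sufficient' may skip: " + " ".join(later[0].split()))
    return lines, warnings

# Constructed sample files (illustrative, not taken from the original message).
SAMPLE = {
    "system-auth": """\
auth     required   pam_env.so
auth     sufficient pam_unix.so likeauth nullok
auth     required   pam_deny.so
account  required   pam_unix.so
""",
    "sshd": """\
auth     required   pam_stack.so service=system-auth
auth     required   pam_nologin.so
account  required   pam_stack.so service=system-auth
""",
}

if __name__ == "__main__":
    out, warns = inline_pam_stack("sshd", SAMPLE)
    print("\n".join(out))
    print(*("WARNING: " + w for w in warns), sep="\n")
```

In the constructed sshd file the warning points at pam_nologin.so; moving such checks ahead of the duplicated lines keeps them in effect after the conversion.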