From: "Diego \"Flameeyes\" Pettenò" <flameeyes@users.berlios.de>
To: gentoo-dev@robin.gentoo.org
Subject: [gentoo-dev] Pluggable Hell Part 2: Fixing everything up!
Date: Wed, 30 Mar 2005 22:15:02 +0200
MIME-Version: 1.0
Content-Type: multipart/signed;
  boundary="nextPart6880153.czQo3hx4Qv";
  protocol="application/pgp-signature";
  micalg=pgp-sha1
Content-Transfer-Encoding: 7bit
Message-Id: <200503302215.07876@enterprise.flameeyes.is-a-geek.org>

--nextPart6880153.czQo3hx4Qv

Ok, second part of my odyssey in PAM implementations.
After a day searching for example config files and so on, I found out that
Linux-PAM already supports the include syntax of openpam since version 0.78.
This is useful for our needs, because it allows us to have a single
configuration file which works on both openpam and linux-pam.

The old syntax is this:

class required pam_stack.so service=system-auth

the new one should be:

class include system-auth

Now, to start making the changes needed to have complete openpam/linuxpam
intercompatibility, a few changes are needed in the tree:
- we need a virtual/pam, which could be provided by linux-pam or by openpam;
- we need an ebuild for openpam (I've written one, but it still misses a few
points, mainly for the missing things stated here)
- we need a virtual/pam-modules which could be provided by linux-pam or by a
new freebsd-pam-modules (they also work under linux as far as I know... I'll
test that better when I have the other things working, right now it is a bit
complicated to do); openpam will pdepend on freebsd-pam-modules to provide
both in a simple way.
- not needed, but surely helpful: sys-libs/pam could be renamed to
sys-libs/linux-pam, or sys-libs/Linux-PAM, which is its exact spelling. This
way we have a consistent naming scheme
- all the dependencies on sys-libs/pam should be changed to virtual/pam (even
if they use pam_stack.so under openpam; until we have fixed everything this
could be worked around by the ones using openpam... initially only
experimental users should use it, so they should be able to cope with broken
configuration files, see next point for solution)
- the new ebuilds should add a new configuration file with the new syntax, and
should depend on: || ( >=sys-libs/pam-0.78 virtual/pam ). This would fix the
previous point, as whoever is using openpam will use the ~arch packages, which
will be fixed one by one (by me, submitting patches to maintainers); this way
the packages will work out-of-the-box for both g/linux and g/fbsd users (I
haven't searched on macosx, but it should be, as they have the same userland
as fbsd).

I'll work anyway on a pam_stack hack for openpam, even if I'm not sure if,
when and how I'll be able to make it work... also I don't like messing with
security stuff too much :/

Well.. if there's someone (lu_zero? :) ) who doesn't like this solution...
comments accepted :)

-- 
Diego "Flameeyes" Pettenò
http://wwwstud.dsi.unive.it/~dpetteno/

--nextPart6880153.czQo3hx4Qv
Content-Type: application/pgp-signature


--nextPart6880153.czQo3hx4Qv--
--
gentoo-dev@gentoo.org mailing list
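
An added example, not part of the original message and not Gentoo or PAM project code: a sketch of the pam_stack.so to include rewrite described in the message, for files in /etc/pam.d format. It flags the lines where the rewrite is not mechanical: the include form has no control field, so any control other than "required" on the old line is lost, and pam_stack lines with arguments besides service= are left alone. The function names and the sample file are constructed for illustration.

```python
import re

# <type> <control> [path/]pam_stack.so [args...], as found in /etc/pam.d files
STACK_RE = re.compile(
    r"^(?P<indent>\s*)(?P<type>auth|account|password|session)\s+"
    r"(?P<control>\[[^\]]*\]|\S+)\s+"
    r"\S*pam_stack\.so(?P<args>(?:\s+\S+)*)\s*$"
)


def convert_line(line):
    """Return (new_line, warning); warning is None when the rewrite is safe."""
    body = line.rstrip("\n")
    m = None if body.lstrip().startswith("#") else STACK_RE.match(body)
    if not m:
        return line, None  # comments and other modules pass through untouched
    args = m.group("args").split()
    services = [a.split("=", 1)[1] for a in args if a.startswith("service=")]
    extra = [a for a in args if not a.startswith("service=")]
    if len(services) != 1 or not services[0] or extra:
        return line, "unexpected pam_stack arguments, left unchanged"
    new = f"{m.group('indent')}{m.group('type')} include {services[0]}"
    new += line[len(body):]  # keep the original line ending
    if m.group("control") != "required":
        # include splices the target's lines in; the outer control flag is gone
        return new, f"control '{m.group('control')}' is dropped by include"
    return new, None


def convert_config(text):
    """Convert a whole file; return (new_text, [(lineno, warning), ...])."""
    out, warnings = [], []
    for n, line in enumerate(text.splitlines(keepends=True), 1):
        new, warn = convert_line(line)
        out.append(new)
        if warn:
            warnings.append((n, warn))
    return "".join(out), warnings


# Constructed sample, modelled on a typical /etc/pam.d service file.
SAMPLE = """\
#%PAM-1.0
auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
account    sufficient   pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth debug
"""

if __name__ == "__main__":
    converted, notes = convert_config(SAMPLE)
    print(converted, end="")
    for lineno, note in notes:
        print(f"line {lineno}: {note}")
```

Every flagged line needs a manual look before the converted file is installed, since a changed control flag changes how the authentication stack is evaluated.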