Petition for the inclusion of PAM in the next Slackware release
SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Also doesn't OpenPAM provide the same modules as Linux-PAM?
It provides next to no modules. There's pam_deny, pam_permit and pam_unix. Linux-PAM on the other hand, well, here's the link, you can see for yourself. It would be a lot more work to add and test modules for OpenPAM.
Then there's also the question of whether you could use PAM knowledge from other Linux distros on Slackware if OpenPAM was used. Some of it would be usable, but why not all or most of it, which would be possible with Linux-PAM?
So basically OpenPAM only does the basics of (permit)yes, (deny)no, or (unix)default modules? Wouldn't that technically be easier to test?
The actual PAM modules being used in any particular setup is determined by the configuration file(s) in /etc/pam.d/. It doesn't matter if there are tons of modules in /usr/lib[64]/security; unless there are specific references to them in a configuration file, they won't be called. Testing a very basic Linux-PAM configuration would be easy: you just set up a simple PAM configuration with very few modules (like those mentioned) and test it.
OpenPAM sounds like a very peculiar beast with only 3 modules. There has to be 3rd party modules available from somewhere, otherwise OpenPAM just represents an unnecessary detour on the way to /etc/shadow. Or it could be intended as a PAM compatibility shim, I guess.
It provides next to no modules. There's pam_deny, pam_permit and pam_unix.
Are you sure about that? This list seems pretty complete, and according to the last paragraph in the introduction section, the document is based on OpenPAM as included with FreeBSD 5.x.
The above list of OpenPAM modules includes most of the usual suspects, like Kerberos, RADIUS, TACACS+ and others. No LDAP module though, which is a bit odd. I would still prefer Linux-PAM though, if nothing else then for compatibility reasons. I also happen to like pam_winbind.
Are you sure about that? This list seems pretty complete, and according to the last paragraph in the introduction section, the document is based on OpenPAM as included with FreeBSD 5.x.
The above list of OpenPAM modules includes most of the usual suspects, like Kerberos, RADIUS, TACACS+ and others. No LDAP module though, which is a bit odd. I would still prefer Linux-PAM though, if nothing else then for compatibility reasons. I also happen to like pam_winbind.
I'm pretty sure, I downloaded the source code to make sure because it felt a bit weird to me, the release notes also state only those three are included as well. The FreeBSD PAM modules I believe were developed for FreeBSD (and later imported by NetBSD) and are not part of OpenPAM.
LDAP might be configured through another more generalized module rather than a sole proprietary one. OpenLDAP is available to FreeBSD so it has to have a module or has functionality through a module.
The base package of OpenPAM does only have pam_unix, pam_permit, and pam_deny. However this should be more than enough for a package to test OpenPAM out with in the very basics of usages. I have a SlackBuild for this if anyone is interested.
Many of the other modules seem to be add in projects done for the distribution. I'll see what Gentoo has on this because they have it. I do know in the subversion/git of OpenPAM they added a new pam_oath module.
[...]The base package of OpenPAM does only have pam_unix, pam_permit, and pam_deny. However this should be more than enough for a package to test OpenPAM out with in the very basics of usages. I have a SlackBuild for this if anyone is interested.[...]
I'll try and find some time today and upload it to my repository.
I think other plugins can be written for OpenPAM or imported though. The package is very barebones but provides a solid framework to build off of. I think Gentoo has a few custom modules for it.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.