I would support PAM being included.

It provides next to no modules. There's pam_deny, pam_permit and pam_unix. Linux-PAM on the other hand, well, here's the link, you can see for yourself. It would be a lot more work to add and test modules for OpenPAM.

Then there's also the question of whether you could use PAM knowledge from other Linux distros on Slackware if OpenPAM was used. Some of it would be usable, but why not all or most of it, which would be possible with Linux-PAM?

1 members found this post helpful.

So basically OpenPAM only does the basics of (permit)yes, (deny)no, or (unix)default modules? Wouldn't that technically be easier to test?

The actual PAM modules being used in any particular setup is determined by the configuration file(s) in /etc/pam.d/. It doesn't matter if there are tons of modules in /usr/lib[64]/security; unless there are specific references to them in a configuration file, they won't be called. Testing a very basic Linux-PAM configuration would be easy: you just set up a simple PAM configuration with very few modules (like those mentioned) and test it.

OpenPAM sounds like a very peculiar beast with only 3 modules. There has to be 3rd party modules available from somewhere, otherwise OpenPAM just represents an unnecessary detour on the way to /etc/shadow. Or it could be intended as a PAM compatibility shim, I guess.

1 members found this post helpful.

Are you sure about that? This list seems pretty complete, and according to the last paragraph in the introduction section, the document is based on OpenPAM as included with FreeBSD 5.x.

The above list of OpenPAM modules includes most of the usual suspects, like Kerberos, RADIUS, TACACS+ and others. No LDAP module though, which is a bit odd. I would still prefer Linux-PAM though, if nothing else then for compatibility reasons. I also happen to like pam_winbind.

I'm pretty sure, I downloaded the source code to make sure because it felt a bit weird to me, the release notes also state only those three are included as well. The FreeBSD PAM modules I believe were developed for FreeBSD (and later imported by NetBSD) and are not part of OpenPAM.

Do correct me if I'm wrong though.

LDAP might be configured through another more generalized module rather than a sole proprietary one. OpenLDAP is available to FreeBSD so it has to have a module or has functionality through a module.

The base package of OpenPAM does only have pam_unix, pam_permit, and pam_deny. However this should be more than enough for a package to test OpenPAM out with in the very basics of usages. I have a SlackBuild for this if anyone is interested.

Many of the other modules seem to be add in projects done for the distribution. I'll see what Gentoo has on this because they have it. I do know in the subversion/git of OpenPAM they added a new pam_oath module.

It's Christmas soon, so I might as well ask for this to be included in Slackware. You never know.

http://www.freeipa.org/

Cheers,

Niki

Greetings!

I'm interested in OpenPAM.

I'll try and find some time today and upload it to my repository.

I think other plugins can be written for OpenPAM or imported though. The package is very barebones but provides a solid framework to build off of. I think Gentoo has a few custom modules for it.