PAM & Configure

Darren J Moffat Darren.Moffat at eng.sun.com
Wed Jan 17 11:44:45 EST 2001


Damien Miller wrote:
> The change was made because there is no workable way to make PAM work
> 'out of the box'. Each vendor implements PAM a little differently and
> there appears to be no standard on the naming of modules or the arguments
> they take.

Just a point to note here; SSHD as an application should NOT be dependent
on any module existing.  Applications should not assume anything about
what modules are available since this breaks the entire concept of what
PAM is all about.  If this is the reason why PAM is being disabled then
there are wrong assumptions in SSHD about what PAM should be doing and
those should be fixed.

Could you give a summary of what problems there were with the PAM framework
being different on platforms, specifically how that relates to OpenSSH?

FYI PAM was proposed to X/Open as a draft standard but never got completed.
AFAIK Linux and Solaris are similar in most respects for PAM.
Solaris implements what was in the standard but Linux went off and
"embraced and extended (with source available)" and made enhancements and
changes to this.

--
Darren J Moffat





More information about the openssh-unix-dev mailing list