Re: NSS and PAM

From: Dag-Erling Smørgrav <des_at_des.no>
Date: Fri, 05 Dec 2003 01:00:29 +0100
Jacques Vidrine <nectar_at_freebsd.org> writes:
> Applications that use PAM to change the password when the password
> expires seem to work out OK.

This works because each backend knows whether or not the password
needs changing (there is a flag to tell the module to only ask for a
new password if the current password has expired).  When you are
purposedly changing your password before it expires, things are a
little less clear.

Things might be easier if NSS had a proper API which included entry
points for storing and updating user information (and not just for
retrieving).  Then pam_unix wouldn't need to know anything about
/etc/spwd.db or NIS; it would just retrieve the information from NSS,
note that the password had expired, ask the user for a new password
and tell NSS to store it.

DES
-- 
Dag-Erling Smørgrav - des_at_des.no
Received on Thu Dec 04 2003 - 15:00:47 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:32 UTC