Timo Sirainen wrote:
On 5.8.2004, at 14:08, news.gmane.org wrote:
Support for PAM
I'm not sure how exactly this would work. LDA doesn't use any passwords, so it would have to make a PAM call with some dummy password. And that would create a two second delay with most PAM implementations.
Maybe I am all wrong here (you are all so clever on this list), but isn't PAM divided into 4 different areas exactly for the purpose of using only some of them?
Password comparison is done in pam_auth (usually, but can be replaced with OTP or other authentication schemes).
In Debian at least, you can add a module to the pam_session loop to mount something. Such mounting module is simply ignored if included in auth, account or password loops (as I understand it).
As I understand Chris he requests support for the _relevant_ PAM loops, and you, Timo, say that the auth loop is irrelevant.
- Jonas
--
Jonas Smedegaard - idealist og Internet-arkitekt
Tlf.: +45 40843136 Website: http://dr.jones.dk/
- Enden er nær: http://www.shibumi.org/eoti.htm