> On 10/5/06, Grok Mogger <[EMAIL PROTECTED]> wrote: > >Just what the title says. What is the relation between NSS and PAM? > > > >I understand that NSS basically tells C libraries where to get information. > >What's confusing is that two of the entries in the nsswitch.conf file are > >"passwd" and "shadow". Are these entries for programs that don't use PAM, > >but instead have their own internal authentication mechanisms written in C?
they are used by libc functions getpwnam() and getspnam() (with their families) On 05.10.06 01:08, Wim De Smet wrote: > This is how I understand it: nsswitch configures where the databases > with the given information are. (such as the 'passwd' database) PAM > only provides authentication and, to some extent, user session setup. yes. > These databases however contain other information that programs can > need, such as the groups, the uid, etc. that is already handled by libc get** functions who use nsswitch.conf. > So while PAM can authenticate > against the same database, it is not closely related to nsswitch. > pam_unix probably uses nsswitch to find out where it can find the > information it needs though. I doubt so. nsswitch only authentize user (get his informations from databases according to his uid/logname) and pam_* authorize user (allow/deny acecss) and set his session parameters (variables etc) pam_unix just uses standard unix way to authentize user - calls getpwnam and getspnam functions to decide if allow the user. -- Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Fucking windows! Bring Bill Gates! (Southpark the movie) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
