Any C coders want to help me with something?

Basil Mohamed Gohar abu_hurayrah at hidayahonline.org
Wed Apr 29 17:14:34 UTC 2009 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/30/2009 12:52 AM, Mike McGrath wrote:
> On Wed, 29 Apr 2009, Stephen John Smoogen wrote:
> 
>> On Wed, Apr 29, 2009 at 8:27 AM, Mike McGrath <mmcgrath at redhat.com> wrote:
>>> On Wed, 29 Apr 2009, Stefan Schlesinger wrote:
>>>
>>>> On Apr 29, 2009, at 01:38 , Mike McGrath wrote:
>>>>> I'd like someone to write a pam module to auth against fas.  I'm not sure
>>>>> it's the way to go but I'd like to have something up and running to test
>>>>> with to see how it behaves, how it deals with some failure scenarios, etc.
>>>> I'm not sure what exactly you want to do, but pam_ldap should do what
>>>> you want, right? Or at least one could use it as codebase and modify it.
>>>>
>>> pam_ldap would probably be close to what we want and certainly a good
>>> place to look but we don't run an ldap server so it won't auth against
>>> fas.
>>>
>> Well normally what I have seen is that the 'FAS' server would export a
>> schema table to LDAP and LDAP would then be what is authenticated to
>> (the same with Kerberos if combined). Or the FAS server has a
>> mysql/postgres background and someone uses pam/mod mysql to do it.
>>
>> The one problem with custom pam modules is usually the 'oooooooh'
>> moment when something doesn't work quite as planned (hey look I can
>> sudo root as apache? how did that happen?)
>>
> 
> This is a legit and good concern.  Ricky and I were talking about it last
> night.  Since we're re-thinking things I'm open to suggestions.  Might be
> something as simple as getting an ldap server to communicate with a
> postgres backend?
> 
> 	-Mike
Sorry for butting in like this, but I always assumed FAS would use LDAP
as a backend, so that 3rd parties, if they wanted to plug in to the
system, would utilize LDAP.  Is that not the case?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkn4ivUACgkQaVgOCFr0s2KkpgCdFx3iwUM8IbWPjVEufFRDnM5d
b6EAnAsXyj03UIMbMy0wGDi9+n/ZC8eT
=oyjc
-----END PGP SIGNATURE-----

More information about the infrastructure mailing list