Coda File System

Re: PAM and Coda

From: Major A <andras_at_physcip.uni-stuttgart.de>
Date: Thu, 11 Nov 1999 12:04:33 +0100
Thanks for the quick reply.

> I was thinking about writing a PAM module to issue your tokens on
> login, but I'm completely new to Coda and still setting up our server
> so I have no idea of the feasibility, etc.  I can let the list know
> as i progress, but OOC, why would you want it as your primary
> authentification (sp?) method, as opposed to using an existing
> method -- say a /etc/passwd or LDAP -- and using PAM to
> keep the passwords between Coda and the primary Auth method
> in sync, as well as to issue tokens on login...?

I would very much like to have only one authentication method. I have
not yet configured PAM, but I guess from the little I know that it is
possible to have a configuration that authenticates the user using
/etc/passwd first, and if that fails, if falls back to kerberos. In my
case, I would like to have Coda instead of kerberos, that's all.

I think it would be too much of a hassle if I set up another secure
authentication method just because it is easier to handle in
PAM. /etc/passwd is not an option, as it is local to each machine, NIS
is insecure, and I don't know what LDAP is. I think that if would be
far more straightforward for an experienced PAM user/developer to
write a PAM module than setting up kerberos or similar.

I don't really know PAM, so can you please tell me how the mapping of
user names to UIDs and vice versa is done if you use kerberos as the
primary auth method? Is there a better method than using NIS for this?
In Coda, each user has a UID (as opposed to kerberos), so I see a
potential advantage here in having a Coda module that also does the
mapping rather than having Coda, kerberos AND NIS at the same time
(this would not only be cumbersome, it would also take away the huge
advantage of multiple servers in Coda which can do authentication
independently from each other, unlike kerberos, thus making the whole
cluster "hot-pluggable").

Thanks,

    Andras

===========================================================================
Major Andras
    e-mail: 1. andras_at_sticks.phy.bris.ac.uk
            2. andras_at_physcip.uni-stuttgart.de
    www:    http://www.physcip.uni-stuttgart.de/andras
===========================================================================
Received on 1999-11-11 06:05:44