centralized auth and nsswitch.conf

Richard Coleman richardcoleman at mindspring.com
Wed Jul 23 16:10:20 PDT 2003


It's a little in the cycle for this question, but I thought I would ask.

One thing I hope that DragonflyBSD will have is some method to do 
centralized authentication.  I know Matt has said that he dislikes PAM 
(I'm not fond of it myself).  Since I've primarily worked for service 
providers, I've encountered this problem often.  Other than Solaris and 
(oddly enough) Windows, most operating systems suck in this regard.

One simple way to achieve this is to support nsswitch.conf and have LDAP 
support as one of the available switches.  This essentially gives you a 
clone of NIS.  I've always wondered why more systems don't support this 
option, since it's essentially what nsswitch.conf was devised for in the 
first place.

As a by-product of this, client libraries for LDAP would need to be part 
of the base system.  I think this is a good thing, since better 
integration to directory systems would be very useful.

Richard Coleman






More information about the Kernel mailing list