[Top] [Contents] [Index] [ ? ]

The Network Authentication Wrapper Library

1. General questions

1.1 What is libnaw?

An extensible and efficient authentication library. Potentially more, depending on your modules.

1.2 Why should I use libnaw?

To keep your authentication infrastructure uniform, of course, and easily manageable by the system administrator. libnaw may also be used to implement connection logging, host-based (in addition to user-based) authentication, impose per-user resource limits, etc., though some of these modules have yet to be written.

1.3 Doesn't PAM do this?

To an extent. PAM has both shortcomings and benefits over libnaw, so you may decide to use libnaw as a complement instead of a replacement in some applications.

Some shortcomings include:

Some benefits include:

1.4 Why didn't you just write libnaw as an interface to PAM?

Some of the shortcomings listed in Doesn't PAM do this? cannot be overcome if PAM is to be used at all. libnaw is about performance, unobtrusiveness, and flexible authentication that need not involve user interaction.

That said, a module that interfaces with PAM is planned for those who have PAMs that they would like to use with libnaw.

1.5 I'm not a developer. If I truly want this to be a uniform authentication mechanism, wouldn't I have to change all of my programs?

Exactly not! libnaw is designed to function with software that wasn't designed to function with it. That is, it's easy to force software that you didn't write to use libnaw without modifying the code. In fact, because libnaw can be preloaded, you don't need to have the source code at all. Period.

1.6 I'd like my entire session to be encrypted. Can libnaw do this?

Not on its own, though it may be possible for a module to do so. The problem, of course, is that libnaw must be unobtrusive, while such a module would not be, and could prove problematic for applications that make certain assumptions about a socket.

1.7 I want to use libnaw between a Windows machine and a Unix machine. Can i do this?

There no support for the Windows dynamic loader just yet. It is planned for the future.

1.8 Why are some features not supported on Mac OS X?

The dynamic library system in Mac OS X is convoluted. There is a compatibility layer for use with the dlopen(3) suite of functions, and this is currently what libnaw uses. Unfortunately, the compatibility layer is broken, largely due to the convoluted nature of the native loader API. Eventually, libnaw will switch to the native API and try to overcome these issues.

2. Interoperability questions

2.1 I already use PAM with my application, and I don't plan to change. Should I use libnaw as well?

If you want the features of libnaw, or if you use libnaw elsewhere and want a more uniform authentication system, then certainly. It's your decision.

2.2 If I'm using libnaw, then how do I keep PAM from double-authenticating me?

Use the pam_permit module, in a form similar to the following:

	auth sufficient pam_permit.so

In most cases, you would replace or precede the authenticator (say, pam_unix) entry with this line. PAM will simply succeed, and authentication may be handled through libnaw.

3. Usage questions

3.1 Why is the libnaw configuration file format so weird?

The configuration was optimized for use in a database-driven format. It's more efficient this way, so be happy, eh?

If that isn't a consolation to you, then perhaps I should also mention that this format should be easy to create front-ends for. A front-end would be designed to interact with you in a more user-friendly manner, which is its job. In the meantime, libnaw can still perform its own operations efficiently.

3.2 But I don't know of any front-ends that are available yet. Should I write one?

Great idea! I'm glad you thought of it.

3.3 Is libnaw safe to run in a production environment?

Not yet, but with your help using and testing it, it will be.

[Top] [Contents] [Index] [ ? ]

Table of Contents

[Top] [Contents] [Index] [ ? ]

About This Document

This document was generated by ari on April, 11 2006 using texi2html 1.76.

The buttons in the navigation panels have the following meaning:

Button Name Go to From 1.2.3 go to
[ < ] Back previous section in reading order 1.2.2
[ > ] Forward next section in reading order 1.2.4
[ << ] FastBack beginning of this chapter or previous chapter 1
[ Up ] Up up section 1.2
[ >> ] FastForward next chapter 2
[Top] Top cover (top) of document  
[Contents] Contents table of contents  
[Index] Index index  
[ ? ] About about (help)  

where the Example assumes that the current position is at Subsubsection One-Two-Three of a document of the following structure:

This document was generated by ari on April, 11 2006 using texi2html 1.76.