| [Top] | [Contents] | [Index] | [ ? ] |
| 1. General questions | ||
| 2. Interoperability questions | ||
| 3. Usage questions |
libnaw? An extensible and efficient authentication library. Potentially more, depending on your modules.
libnaw? To keep your authentication infrastructure uniform, of course, and easily
manageable by the system administrator. libnaw may also be used to
implement connection logging, host-based (in addition to user-based)
authentication, impose per-user resource limits, etc., though some of these
modules have yet to be written.
To an extent. PAM has both shortcomings and benefits over libnaw, so
you may decide to use libnaw as a complement instead of a replacement
in some applications.
Some shortcomings include:
Some benefits include:
libnaw would not be able to do this without programmer
intervention, so it was omitted as a design decision.
libnaw as an interface to PAM? Some of the shortcomings listed in Doesn't PAM do this? cannot be
overcome if PAM is to be used at all. libnaw is about performance,
unobtrusiveness, and flexible authentication that need not involve user
interaction.
That said, a module that interfaces with PAM is planned for those who
have PAMs that they would like to use with libnaw.
Exactly not! libnaw is designed to function with software that
wasn't designed to function with it. That is, it's easy to force software
that you didn't write to use libnaw without modifying the code. In
fact, because libnaw can be preloaded, you don't need to have the
source code at all. Period.
libnaw do this? Not on its own, though it may be possible for a module to do so. The
problem, of course, is that libnaw must be unobtrusive, while such a
module would not be, and could prove problematic for applications that make
certain assumptions about a socket.
libnaw between a Windows machine and a Unix machine. Can i do this? There no support for the Windows dynamic loader just yet. It is planned for the future.
The dynamic library system in Mac OS X is convoluted. There is a
compatibility layer for use with the dlopen(3) suite of functions, and this
is currently what libnaw uses. Unfortunately, the compatibility
layer is broken, largely due to the convoluted nature of the native loader
API. Eventually, libnaw will switch to the native API and try to
overcome these issues.
2.1 I already use PAM with my application, and I don't plan to change. Should I use libnaw as well? | ||
2.2 If I'm using libnaw, then how do I keep PAM from double-authenticating me? |
libnaw as well? If you want the features of libnaw, or if you use libnaw
elsewhere and want a more uniform authentication system, then certainly.
It's your decision.
libnaw, then how do I keep PAM from double-authenticating me? Use the pam_permit module, in a form similar to the following:
auth sufficient pam_permit.so
In most cases, you would replace or precede the authenticator (say,
pam_unix) entry with this line. PAM will simply succeed, and
authentication may be handled through libnaw.
3.1 Why is the libnaw configuration file format so weird? | ||
| 3.2 But I don't know of any front-ends that are available yet. Should I write one? | ||
3.3 Is libnaw safe to run in a production environment? |
libnaw configuration file format so weird? The configuration was optimized for use in a database-driven format. It's more efficient this way, so be happy, eh?
If that isn't a consolation to you, then perhaps I should also mention that
this format should be easy to create front-ends for. A front-end would be
designed to interact with you in a more user-friendly manner, which is its
job. In the meantime, libnaw can still perform its own operations
efficiently.
Great idea! I'm glad you thought of it.
libnaw safe to run in a production environment? Not yet, but with your help using and testing it, it will be.
| [Top] | [Contents] | [Index] | [ ? ] |
libnaw?libnaw?libnaw as an interface to PAM?libnaw do this?libnaw between a Windows machine and a Unix machine. Can i do this?| [Top] | [Contents] | [Index] | [ ? ] |
This document was generated by ari on April, 11 2006 using texi2html 1.76.
The buttons in the navigation panels have the following meaning:
| Button | Name | Go to | From 1.2.3 go to |
|---|---|---|---|
| [ < ] | Back | previous section in reading order | 1.2.2 |
| [ > ] | Forward | next section in reading order | 1.2.4 |
| [ << ] | FastBack | beginning of this chapter or previous chapter | 1 |
| [ Up ] | Up | up section | 1.2 |
| [ >> ] | FastForward | next chapter | 2 |
| [Top] | Top | cover (top) of document | |
| [Contents] | Contents | table of contents | |
| [Index] | Index | index | |
| [ ? ] | About | about (help) |
where the Example assumes that the current position is at Subsubsection One-Two-Three of a document of the following structure:
This document was generated by ari on April, 11 2006 using texi2html 1.76.