Re: separate Unix domain sockets for NSS and PAM

[Date Prev][Date Next] [Thread Prev][Thread Next]

From: Arthur de Jong <arthur [at] arthurdejong.org>
To: Michael Ströder <michael [at] stroeder.com>, nss-pam-ldapd-users [at] lists.arthurdejong.org
Subject: Re: separate Unix domain sockets for NSS and PAM
Date: Mon, 23 Sep 2019 20:17:27 +0200

On Wed, 2019-09-18 at 18:46 +0200, Michael Ströder wrote:
> I'm using nss-pam-ldapd's PAM and NSS frontend modules for sending
> NSS and PAM requests to my own custom demon implemented with Python.
> 
> Now for various reasons I'm trying to isolate things a bit more. E.g.
> in my setup I'd like to have separate NSS and PAM services listening
> on separate sockets.

The easiest thing for now would probably to compile the code twice,
once with --with-nslcd-socket=PATH1 and once with --with-nslcd-
socket=PATH2. You could also compile once with --disable-nss and the
other with --disable-pam.

> Before I start developing a patch:
> Would that be a feature accepted into upstream?

I don't see a very compelling use case for this in general use. With
the current implementation the PAM lookups also use a lot of the NSS
definitions (filters, search base, etc.) so running two daemons with
differing configurations would also make things more complex without
very much benefit.

Feel free to try to convince me though. ;) If there are good arguments
to have this in nss-pam-ldapd I'm willing to listen.

Thanks,

-- 
-- arthur - arthur@arthurdejong.org - https://arthurdejong.org/ --

separate Unix domain sockets for NSS and PAM, Michael Ströder
- Re: separate Unix domain sockets for NSS and PAM, Arthur de Jong

Prev by Date: separate Unix domain sockets for NSS and PAM
Next by Date: Re: Help with LDAP Notifications
Previous by thread: separate Unix domain sockets for NSS and PAM
Next by thread: Map subjectSid to higher number