[asterisk-dev] Introduction to ASA - the Asterisk Security Architecture
Tzafrir Cohen
tzafrir.cohen at xorcom.com
Tue Oct 14 09:09:55 CDT 2008
On Tue, Oct 14, 2008 at 12:57:19PM +0200, Vadim Lebedev wrote:
> What do you think about possibility to use PAM for authentication?

PAM is portable (works just about anywhere except OpenBSD and legacy or
non-UNIX OSes), which is why it looks like a very good thing to use.

PAM can be used for authentication. But just that. It provides no
further information. On Linux you'll find a specific PAM module
(e.g. pam_ldap) accompanied by a glibc nss (name service switch) module
(e.g. nss_ldap) that can resolve relevant names.

If you want to check the passwords of system users you must be root.
This led many daemons to set aside a small authentication process that
runs as root and talks with the rest of the daemon through a socket. The
rest of the daemon does not run as root. I do not want Asterisk to run
as root merely for authenticating system users. Though if somebody
writes the code for such a subprocess: no problems.

--
Tzafrir Cohen
icq#16849755 jabber:tzafrir.cohen at xorcom.com
+972-50-7952406 mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com iax:guest at local.xorcom.com/tzafrir
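
The arrangement described in the message above, a small helper that keeps root and answers authentication requests over a socket while the rest of the daemon runs unprivileged, as an added example; it is not code from the post or from Asterisk. The function names, the fixed-size request format and the constructed `alice` account are assumptions, and `check_credentials()` is a hypothetical stand-in for the PAM call so the block builds without libpam.

```c
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAXF 64                       /* max field length, including NUL */
struct auth_req { char user[MAXF]; char pass[MAXF]; };

/* Hypothetical stand-in for the privileged check; a real helper would
 * call pam_authenticate() here. Constructed sample account only. */
static int check_credentials(const struct auth_req *r)
{
    return strcmp(r->user, "alice") == 0 && strcmp(r->pass, "s3cret") == 0;
}

/* Helper side: the only code that would keep root. Answers one byte per
 * fixed-size request and exits when the daemon closes its end. */
static void helper_loop(int fd)
{
    struct auth_req r;
    while (recv(fd, &r, sizeof r, MSG_WAITALL) == (ssize_t)sizeof r) {
        r.user[MAXF - 1] = r.pass[MAXF - 1] = '\0';  /* never trust the peer */
        char ok = (char)check_credentials(&r);
        if (send(fd, &ok, 1, 0) != 1) break;
    }
    _exit(0);
}

/* Fork the helper; returns the daemon's end of the socket, or -1. */
int auth_helper_start(pid_t *pid)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    if ((*pid = fork()) < 0) { close(sv[0]); close(sv[1]); return -1; }
    if (*pid == 0) { close(sv[0]); helper_loop(sv[1]); }
    close(sv[1]);   /* a real daemon would drop root (setgid/setuid) here */
    return sv[0];
}

/* Daemon side: 1 = accepted, 0 = rejected, -1 = bad input or helper error. */
int auth_check(int fd, const char *user, const char *pass)
{
    struct auth_req r; char ok;
    if (strlen(user) >= MAXF || strlen(pass) >= MAXF) return -1;
    memset(&r, 0, sizeof r);
    strcpy(r.user, user); strcpy(r.pass, pass);      /* lengths checked above */
    if (send(fd, &r, sizeof r, 0) != (ssize_t)sizeof r) return -1;
    if (recv(fd, &ok, 1, 0) != 1) return -1;
    return ok ? 1 : 0;
}
```

The daemon only ever sees a yes/no byte; the password database and the privilege needed to read it stay in the helper process.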