Comment # 4 on bug 1173387 from
Since this is implemented in Rust and since I am new to Rust it takes a bit
for me to unwrap the program logic.

So for the PAM module a larger part is the wrapping of the C level PAM API.
Apart from that only two PAM hooks actually do something meaningful: the
pam_sm_authenticate() and the pam_acct_mgmt() for the passwd/account PAM
types respectively. These hooks basically asks the kanidm daemon whether
account and/or password are okay. The daemon is contacted via a UNIX domain
socket.

The nsswitch library is even simpler and also simply forwards requests to the
kanidm daemon.

Therefore I need to look close into the communication with the daemon and the
daemon source code. I couldn't find much documentation about actually setting
up the daemon and its config file, however. Can you help me out a bit here?


You are receiving this mail because: