Subject: Re: linux emul for PAM libraries? (RSA/ACE)
To: None <current-users@netbsd.org>
From: Daniel Carosone <dan@geek.com.au>
List: current-users
Date: 06/03/2005 14:12:52
--3loezlmesXOUD0D5
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Fri, Jun 03, 2005 at 01:03:29PM +1000, Charlie Allom wrote:
> I am trying to get my NetBSD machine to use the RSA/ACE PAM modules like
> the linux machines will do here soon..
>=20
> I can run the Linux ace{test,status} binaries but the -current PAM seems
> to just crash on adding the linux modules to "auth required pam_securid.s=
o"
>=20
> can anyone explain to me why this won't work and if it ever can or will?
If I read rightly, you're trying to link shared libraries compiled for
one binary emulation syscall-set (linux) into a process running under
another (netbsd native). It's the same thing as trying to use, say, a
linux mozilla flash or java plug-in in a native mozilla binary.
This won't work, and will continue to not work for the forseable
future. There's no practical way for the kernel to know which
emulation table to use for which call from different parts of the same
process.[*]
However, for this instance, there may be a much simpler and generally
more elegant solution: can you get your ACE server to offer its
authentication services via RADIUS, rather than using the legacy
proprietary protocol and client code? I can report that token-code
authentication of users to sshd, via pam_radius, works Just Fine.
--
Dan.
[*] a hack for looking up the PC address making the syscall in a table
of per-mmap emulation mappings just doesn't really bear thinking about
too much :)
--3loezlmesXOUD0D5
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (NetBSD)
iD8DBQFCn9jEEAVxvV4N66cRAlySAJ9AzIcy4hdRkpxhkdyAvCE7TtC1MgCZAYEX
bd+bzZBLcCVRC+of0Ssfv7Q=
=YoZV
-----END PGP SIGNATURE-----
--3loezlmesXOUD0D5--