pam: Could we have OpenPAM back on Linux?

[takusuman]

G'day, glaucus folks!

I remember testing OpenPAM back in 2022, but haven't done so since then --- the current Copacabana rootfs does not include PAM, since I was afraid of breaking something and having little to no people testing with me to ask about possible solutions. It builds and runs like it should, but it hasn't any modules that would be necessary to run more complex applications like KDE, for example --- but it can link to shadowutils, which is a good signal, I guess. Anyone here willing to do an experiment with it (besides me) and maybe port some modules from Free/NetBSD to Linux?

Much obliged in advance.

[firasuke]

Hey there @takusuman, I appreciate you dropping by and leaving this suggestion!

Well it seems that most user accounting and authentication utilities nowadays are linking against PAM, not that we are against this behavior, but we were a bit hesitant to introducing PAM, which is why it is currently optional.

I was looking into alternatives like BSD Auth and plan9 factotum, but it seems they only exist on their respective operating systems and can't be run on Linux, so we are stuck with PAM.

Thanks for bringing OpenPAM to my attention as I have not heard of it. Is it still being maintained though?

[takusuman]

Well it seems that most user accounting and authentication utilities nowadays are linking against PAM, not that we are against this behavior, but we were a bit hesitant to introducing PAM, which is why it is currently optional.

I don't think it's actually bad, but I'm more inclined to use OpenPAM than LinuxPAM because it is directly derived from Sun Microsystems' work --- which isn't a quality seal per se, but it caught my attention since I'm extremely favorable towards alternatives.

Is it still being maintained though?

Well, for my surprise --- since OpenPAM team wasn't doing any stable releases since 2019, only loose commits on their Gitea ---, they released a new stable release last year. Since their website went off for some reason exactly when I was trying to look at, I will be sending the SourceForge URL: https://sourceforge.net/projects/openpam/

[firasuke]

Well, for my surprise --- since OpenPAM team wasn't doing any stable releases since 2019, only loose commits on their Gitea ---, they released a new stable release last year. Since their website went off for some reason exactly when I was trying to look at, I will be sending the SourceForge URL: https://sourceforge.net/projects/openpam/

Looks interesting indeed, it has also been around for a while.

I will be considering this for use in glaucus.

Let's try to craft proper modules as it seems lacking compared to Linux PAM.

[takusuman]

Let's try to craft proper modules as it seems lacking compared to Linux PAM.

If it helps, as I remember to have talked about with dslm4515, NetBSD and FreeBSD have some missing PAM modules already implemented. https://github.com/dslm4515/BMLFS/issues/29#issuecomment-1428896779

I may confess that I'm a little bit preoccupied about how KDE deals with OpenPAM, since it apparently presents some problems since 2005 and, according to some people at FreeBSD forums, as of 2018, KDE and OpenPAM have some problems and the KDE team don't know/care about how to fix them --- maybe a task for us?