Bug 80221 - Abstraction layers violation.
Abstraction layers violation.
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: passwd (Show other bugs)
rawhide
All Linux
low Severity medium
: ---
: ---
Assigned To: Tomas Mraz
Mike McLean
: FutureFeature
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2002-12-22 13:09 EST by Konstantin Andreev
Modified: 2007-11-30 17:10 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-12-02 07:10:57 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Konstantin Andreev 2002-12-22 13:09:02 EST
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 95)

Description of problem:
The 'passwd' breaks abstraction of PAM by communicating directly with the one 
(pwdb: /etc/{passwd,shadow}) of many possible authentification subsystems. This 
communication bypasses PAM and fails if underlying subsystem is other than pwdb.

The right way to correct this design error is having two different 'passwd' 
utilities:

1) Not PAM-aware, pwdb-only utility which keeps all functionality of the 
present 'passwd'
2) PAM-only aware utility with high abstractiveness, good for any underlying 
authentification subsystem, but loosing some functionality of the 
present 'passwd'.


Version-Release number of selected component (if applicable):


How reproducible:
(not applicable)

Steps to Reproduce:
(not applicable)

Actual Results:  (not applicable)

Expected Results:  (not applicable)
Comment 1 Tomas Mraz 2005-09-08 13:00:34 EDT
I will reconsider this in future.
Comment 2 Tomas Mraz 2005-12-02 07:10:57 EST
Passwd now uses PAM for changing passwords and libuser for operations which
cannot be accomplished through PAM.
Comment 3 Konstantin Andreev 2005-12-02 07:58:07 EST
(In reply to comment #2)
> Passwd now uses PAM for changing passwords and libuser for operations which
> cannot be accomplished through PAM.

That's still not a good design. There are drawbacks:
If an underlying authentification subsystem is not a pwdb (/etc/{passwd,shadow}
), then
1) I can not remove excessive libuser package, because "passwd" is linked 
against it.
2) Anyway, I have to acquire authentification subsystem-specific utility for 
"operations which cannot be accomplished through PAM".

You could consider to revise PAM design to make it's interfaces more versatile, 
to make the single utility "passwd" encompassing any auth.subsystems.

Note You need to log in before you can comment on or make changes to this bug.