Bug 80221 - Abstraction layers violation.
Summary: Abstraction layers violation.
Alias: None
Product: Fedora
Classification: Fedora
Component: passwd
Version: rawhide
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact: Mike McLean
Depends On:
TreeView+ depends on / blocked
Reported: 2002-12-22 18:09 UTC by Konstantin Andreev
Modified: 2007-11-30 22:10 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Last Closed: 2005-12-02 12:10:57 UTC
Type: ---

Attachments (Terms of Use)

Description Konstantin Andreev 2002-12-22 18:09:02 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 95)

Description of problem:
The 'passwd' breaks abstraction of PAM by communicating directly with the one 
(pwdb: /etc/{passwd,shadow}) of many possible authentification subsystems. This 
communication bypasses PAM and fails if underlying subsystem is other than pwdb.

The right way to correct this design error is having two different 'passwd' 

1) Not PAM-aware, pwdb-only utility which keeps all functionality of the 
present 'passwd'
2) PAM-only aware utility with high abstractiveness, good for any underlying 
authentification subsystem, but loosing some functionality of the 
present 'passwd'.

Version-Release number of selected component (if applicable):

How reproducible:
(not applicable)

Steps to Reproduce:
(not applicable)

Actual Results:  (not applicable)

Expected Results:  (not applicable)

Comment 1 Tomas Mraz 2005-09-08 17:00:34 UTC
I will reconsider this in future.

Comment 2 Tomas Mraz 2005-12-02 12:10:57 UTC
Passwd now uses PAM for changing passwords and libuser for operations which
cannot be accomplished through PAM.

Comment 3 Konstantin Andreev 2005-12-02 12:58:07 UTC
(In reply to comment #2)
> Passwd now uses PAM for changing passwords and libuser for operations which
> cannot be accomplished through PAM.

That's still not a good design. There are drawbacks:
If an underlying authentification subsystem is not a pwdb (/etc/{passwd,shadow}
), then
1) I can not remove excessive libuser package, because "passwd" is linked 
against it.
2) Anyway, I have to acquire authentification subsystem-specific utility for 
"operations which cannot be accomplished through PAM".

You could consider to revise PAM design to make it's interfaces more versatile, 
to make the single utility "passwd" encompassing any auth.subsystems.

Note You need to log in before you can comment on or make changes to this bug.