[Toybox] New toy: login
Elie De Brauwer
eliedebrauwer at gmail.com
Sat Apr 28 05:42:47 PDT 2012
On 04/26/2012 07:24 AM, Rob Landley wrote:
>> Well I'm just listing what I saw appear either in the shadow sources
>> or the busybox code. Personally I think PAM support is the most useful
>> of the list above and a likely candidate for a follow up patch.
>
> PAM lets you log in from a a windows server, which lots of people like,
> so yeah. But I vaguely recall there was a busybox FAQ many moons ago
> saying that PAM support was a question of building against a library
> that supported it (glibc did, uclibc didn't), and that busybox didn't
> actually have to do anything specific to support it.
>
> But I didn't actually look at the code (or if I did it was long enough
> ago I don't remember).
Well, login now reads a password, hashes it, and compares the hash with
what passwd/shadow have to say. When you use pam, you just ask pam to
take care of it (so you replace the passwd/shadow part with some pam
calls), the advantage is that all the PAM stuff is something which can
be dealt with system wide and doesn't care which application is calling
it. The only thing is that you need to have this PAM dialog set up and
you need to link with libpam (busybox supports this through login, but
buildroot doesn't allow you to create a pam-aware rootfs).
> "This has X" != "we need to add X".
>
> Given that ssh doesn't use login, serial consoles don't use login, and
> distros boot straight into X, this is not hugely useful code today. (I'm
> pretty sure smartphones don't have VGA ttys.)
Afaik, inittab typically spawns getty and friends, and getty spawns
login by default to authenticate users. And getty is spawned on both vga
consoles and serial consoles. I wouldn't want to put a dollar on a table
for each login running over a uart on an embedded board.
my 2 cents
E.
--
Elie De Brauwer
More information about the Toybox
mailing list