[Toybox] New toy: login

[Elie De Brauwer]

On 04/26/2012 07:24 AM, Rob Landley wrote:
>> Well I'm just listing what I saw appear either in the shadow sources
>> or the busybox code. Personally I think PAM support is the most useful
>>   of the list above and a likely candidate for a follow up patch.
>
> PAM lets you log in from a a windows server, which lots of people like,
> so yeah. But I vaguely recall there was a busybox FAQ many moons ago
> saying that PAM support was a question of building against a library
> that supported it (glibc did, uclibc didn't), and that busybox didn't
> actually have to do anything specific to support it.
>
> But I didn't actually look at the code (or if I did it was long enough
> ago I don't remember).

Well, login now reads a password, hashes it, and compares the hash with 
what passwd/shadow have to say.  When you use pam, you just ask pam to 
take care of it (so you replace the passwd/shadow part with some pam 
calls), the advantage is that all the PAM stuff is something which can 
be dealt with system wide and doesn't care which application is calling 
it. The only thing is that you need to have this PAM dialog set up and 
you need to link with libpam (busybox supports this through login, but 
buildroot doesn't allow you to create a pam-aware rootfs).


> "This has X" != "we need to add X".
>
> Given that ssh doesn't use login, serial consoles don't use login, and
> distros boot straight into X, this is not hugely useful code today. (I'm
> pretty sure smartphones don't have VGA ttys.)

Afaik, inittab typically spawns getty and friends, and getty spawns 
login by default to authenticate users. And getty is spawned on both vga 
consoles and serial consoles. I wouldn't want to put a dollar on a table 
for each login running over a uart on an embedded board.

my 2 cents
E.

-- 
Elie De Brauwer


 1335616967.0