<blockquote> 1. Can the driver support password changing or
retrieving (I think this is impossible with PAM)?
</blockquote>
One will be able to change the password, but one will not be able to retrieve it.
<blockquote> 2. What the error codes returned by text we can show an
end-user? (I guess it should just be a set of codes, so
that we can write and internationalize text based on the
codes.)
</blockquote>
The error codes would be mainly for the developer. I'm
not immediately familiar with how one would internationalize the error codes. The module will return TCL_OK or TCL_ERROR. TCL_ERROR will return a list of the PAM error code and the error string.
<blockquote> 3. If the function succeeds, will it return a code and
a list or just a list?
</blockquote>
We will return TCL_OK and a list containing specific user info. One current problem is that the only consitantly information so far is User Name information. I'll be doing some testing in the and this /may/ have to change.
Currently I'm thinking:
user_info [list]
set user_info [ns_pam auth $username $password]
But we may have to change this to an array.
<blockquote> 4. Is the list of user information always the same, or
are the possible fields variable?
</blockquote>
It is, in theory, suppose to be the same. But, as stated
above, this may change shortly. I will decieded on this before the module is released and becomes a dependancy for other projects.
<blockquote> 5. Is this correct: Each AOLserver can have a single
ns_pam driver, which will require a one-line change
to the config file and also a new file in /etc/pam.d?
</blockquote>
Yes, there will be a
ns/server/$server/module/nspam
ns_param pam_domain "pam domain for auth"
If it is not set, it will default to "aolserver".
Now, if people request we can create an optional paramater to override that but I think that leaves some security issues open.