comparison README.md @ 174:9e4ce1631bd3

Dramatically expand documentation.
author Paul Fisher <paul@pfish.zone>
date Tue, 29 Jul 2025 18:58:27 -0400
parents c9fc7e6257d3
children 42f747774d94
comparison
equal deleted inserted replaced
173:46e8ce5cd5d1 174:9e4ce1631bd3
1 # 🍳 nonstick 1 # 🍳 nonstick
2 2
3 Nonstick lets you use PAM (Pluggable Authentication Modules) from Rust without getting stuck in unsafe code. 3 Nonstick lets you use PAM (Pluggable Authentication Modules) from Rust safely.
4 Don't worry about getting stuck on unsafe code.
5
6 You can use nonstick for interacting with PAM from both sides:
7
8 - PAM applications: call into PAM to authenticate users.
9 - PAM modules: write a backend that PAM uses for authentication.
10
11 It supports all known PAM implementations:
12
13 - Linux-PAM, used on most (all?) Linux distributions.
14 - OpenPAM, used on most BSDs, including Mac OS.
15 - Sun's PAM, used on Solaris and derivatives like Illumos.
16
17 Further documentation can be found in the crate's rustdoc.
4 18
5 ## Status 19 ## Status
6 20
7 This is currently somewhat incomplete. 21 - **Modules**: full support for all calls by PAM into modules.
22 You can use nonstick to implement a PAM module that performs any stage of the PAM lifecycle.
8 23
9 It provides fairly robust functionality for developing PAM modules (i.e., backends that PAM calls to authenticate users or do something similar). 24 - **Applications**: supports only a subset of PAM features:
10 [Linux-PAM](https://github.com/linux-pam/linux-pam) is the only _tested_ PAM implementation, but it compiles against OpenPAM. 25
26 - Authentication
27 - Account management
28 - Password change
29
30 The remaining features (credential and session management) are coming in a future release.
31 (It needs work on a safe and ergonomic API.)
11 32
12 *If you’re looking for a library to implement a PAM client* (i.e., something that authenticates using PAM), consider the [`pam` crate](https://crates.io/crates/pam) for now. 33 The overall shape of the API is largely complete and its general shape should not change significantly.
34 While there may still be minor source incompatibilities pre-1.0 (e.g., moving methods around), it is unlikely that the library will be radically reworked (and I will try to avoid them unless needed).
13 35
14 APIs are likely to break before v0.1.0, but thereafter should stabilize to an eventual 1.0 release. 36 ## Testing
15 After v0.1.0, the shape of the API should be mostly formed, and most of what happens will be adding new features.
16 37
17 Goals include: 38 Nonstick is tested against all supported PAM implementations.
39 In addition to doctests and unit tests in the source itself, the (non-public) `testharness` sub-package performs end-to-end tests against the whole authentication process.
18 40
19 - Bindings for PAM clients. 41 ## Configuration
20 - Additional PAM features, like environment variables. 42
21 - Way more documentation. 43 By default, nonstick uses `libpam-sys` to detect which implementation of PAM it should build against.
44 You can also select to build your library or application against a specific PAM implementation by setting the `LIBPAMSYS_IMPL` environment variable.
45 See [the documentation for `libpam-sys`](https://docs.rs/libpam-sys/) for more details.
46
47 ## Cargo features
48
49 - `link` (enabled by default): Link against your system's PAM library.
50 If disabled, you can still use the PAM traits and enum types to build and test your own PAM code independent of your system PAM.
51 - `basic-ext` (enabled by default): Include enum values provided by both OpenPAM and Linux-PAM.
52 - `linux-pam-ext`: Include features specific to Linux-PAM, including enum values and the ability to send binary messages.
53 - `openpam-ext`: Include features specific to OpenPAM (just enum values).
54 - `sun-ext`: Include features specific to Sun PAM (just enum values).
55
56 When `link` is enabled, you can only use the PAM features available on the configured PAM implementation.
57 For instance, when building with Linux-PAM, `link` and `openpam-ext` cannot be used together.
58
59 However, when `link` is disabled, you could develop and test a crate with `sun-ext` enabled using any device.
22 60
23 ## Credits 61 ## Credits
24 62
25 This is a direct fork of [Anthony Nowell](http://anowell.com/)’s [`pam-rs`/`pam-bindings` crate](https://crates.io/crates/pam-bindings). 63 This is a direct fork of [Anthony Nowell](http://anowell.com/)’s [`pam-rs`/`pam-bindings` crate](https://crates.io/crates/pam-bindings).
26 `pam-rs` was in turn inspired by: 64 `pam-rs` was in turn inspired by: