From 02540842cd2246b0363514e139b374a8883adef0 Mon Sep 17 00:00:00 2001 From: Anthony Wang Date: Sun, 2 Jun 2024 11:35:37 -0500 Subject: [PATCH] Write commentary for POSIX user management posts --- src/content/posts/2024/june-2024.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/content/posts/2024/june-2024.md b/src/content/posts/2024/june-2024.md index f4354a0..5d001fe 100644 --- a/src/content/posts/2024/june-2024.md +++ b/src/content/posts/2024/june-2024.md @@ -12,10 +12,9 @@ https://a.exozy.me/posts/guest-post-short-story-5/ (fun but not tech-related? ca https://a.exozy.me/posts/bad-apple-animated-qr-code/ -Related: -https://a.exozy.me/posts/pam-auth-without-access-etc-shadow/ -https://www.1a-insec.net/frag/37-posix-login/ +## The intricacies of POSIX user management +The exozyme server recently switched from LDAP to PAM for user management, so both @a and @iacore wrote articles about some of the subtleties of the standard user management systems on Linux and other Unix-like OSes. On Linux, PAM authentication by default requires being root or having access to the password hashes in `/etc/passwd`, but @a found that [it's possible to use a tool called SSSD](https://a.exozy.me/posts/pam-auth-without-access-etc-shadow/) to get around that for better security. [@iacore's article](https://www.1a-insec.net/frag/37-posix-login/), among other things, discusses how it's legal for a UID to have more than one username and its the cursed consequences. https://www.1a-insec.net/blog/52-static-site-hosting-providers/
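Review bot: In the added paragraph under "## The intricacies of POSIX user management", the sentence about PAM says the password hashes live in `/etc/passwd`, but the post it links to is titled pam-auth-without-access-etc-shadow, and on Linux systems using shadow passwords the hashes are in `/etc/shadow`, which is the root-only file; `/etc/passwd` is world-readable. Suggest changing that path to `/etc/shadow` so the summary matches the linked article. In the same paragraph, "and its the cursed consequences" should read "and its cursed consequences". It would also help to say in a few words why SSSD is "better security" here (the authenticating process no longer needs root or read access to the hash file), since "get around that" on its own reads like bypassing a control rather than reducing privilege.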