Date: Thu, 16 Jul 1998 18:00:58 -0600 (MDT) From: Wes Peters <wes@softweyr.com> To: chad@dcfinc.com Cc: freebsd-stable@FreeBSD.ORG Subject: Re: Finger and getpwent Message-ID: <199807170000.SAA18215@obie.softweyr.com> In-Reply-To: <199807162105.OAA02417@freebie.dcfinc.com> from "Chad R. Larson" at "Jul 16, 98 02:05:43 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
Chad Larson recommended:
> The model that make sense to me is the SysVr4 Service Access Controller
> (SAC). From a security standpoint, there were way too many different
> ways to get a "login" prompt from the system. The telnet daemon, the
> rlogin daemon, FTP, the regular login, the UUCP service, etc. So now
> there is only one process that issues "login", and every thing else goes
> through it. That gives a single point to install authentication and
> access control.
>
> The other band-aids grew up, in my opinion, as people who didn't have
> source to their systems tried to fix things up. We FreeBSDers have the
> facilities to implement a global solution similar to the SysVr4 one.
Hopefully without the horrible over-complexity of SAF and SAC, though.
When you have 'keys' that are so complex you have to write another
command just to generate the keys for you, something has gone horribly
wrong with your design.
--
"Where am I, and what am I doing in this handbasket?"
Wes Peters Softweyr LLC
http://www.softweyr.com/~softweyr wes@softweyr.com
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199807170000.SAA18215>