Date: Fri, 13 Nov 1998 23:07:05 +0200
From: Mark Murray <mark@grondar.za>
To: Robert Watson <robert+freebsd@cyrus.watson.org>
Cc: ark@eltex.ru, cschuber@uumail.gov.bc.ca, oortiz@LCSI.COM, freebsd-security@FreeBSD.ORG
Subject: Re: Intruder Lockout
Message-ID: <199811132107.XAA12704@greenpeace.grondar.za>
In-Reply-To: Your message of " Fri, 13 Nov 1998 15:58:07 EST." <Pine.BSF.3.96.981113155557.16788A-100000@fledge.watson.org>
References: <Pine.BSF.3.96.981113155557.16788A-100000@fledge.watson.org>

Robert Watson wrote:
> My understanding has always been that PAM is only good for talking to
> humans, and cannot be used to make things like kerberized ftp or
> kerberized imap any easier to write. That is, that it essentially
> performs a set of challenges/responses intended for humans and is not
> easily adaptable for server-server communication or unattended
> communication in secure protocols. Is this interpretation correct? (Not
> having it under BSD, I haven't had much opportunity to use it).

That depends on the implementor. If the implementor is a twit, then sure,
that is the case. If the implementor does it properly, and for PAM, this
needs to be done properly _once_, then there should be no hassle.

PAM is generalised, so the implementor needs to think about security in
the general case; that makes life easier. If the implementor is an idiot,
(s)he can screw it up royally, but a programmer worth his/her salt should
manage without too much of a problem.

M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message