Date: Tue, 04 Aug 1998 22:06:11 -0700
From: John Polstra <jdp@polstra.com>
To: Mike Smith <mike@smith.net.au>
Cc: Terry Lambert <tlambert@primenet.com>, hackers@FreeBSD.ORG
Subject: Re: PAM4FreeBSD
Message-ID: <199808050506.WAA14516@austin.polstra.com>
In-Reply-To: Your message of "Tue, 04 Aug 1998 21:58:00 PDT." <199808050458.VAA00654@antipodes.cdrom.com>
> ... and if you want my pet peeve about PAM, it's that the modules
> have to be visible and loadable in to the application that wants to
> authenticate/admin/etc.
>
> The "right" way (IMHO) to deal with this would be to take a clean
> slice across the PAM API (which is reasonably compact), encapsulate
> it into a nice simple synchronous stream protocol, and then put
> all the PAM library into a daemon. Use our authenticated socket
> technology and Unix-domain sockets to ensure the integrity of the
> client-server relationship.
>
> This would allow lots of programs (eg. passwd, xlockmore) to be
> installed non-setuid root, since they only ever authenticate their
> owner. It would also let you run eg. POP daemons non-setuid-root if
> they were granted permission to authenticate, etc.

I agree with you -- this is the way to go.

> Anyway, that's my major gripe about PAM as it stands. That, and the
> lousy quality of most of the free-source modules out there. 8(

Man, that's no lie! I couldn't convince myself comfortably that any
of the ones in the Linux-PAM distribution would work right under
FreeBSD. I ended up rolling my own. There are lots of things about
the existing implementation that rather stink. But as you said, the
API isn't too bad.

--
John Polstra                                    jdp@polstra.com
John D. Polstra & Co., Inc.                     Seattle, Washington USA
"Self-knowledge is always bad news."            -- John Barth

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message