Date:      Tue, 7 Mar 2000 18:33:29 +0200
From:      Adrian Pavlykevych <pam@polynet.lviv.ua>
To:        Peter Wemm <peter@netplex.com.au>
Cc:        "Andrew J. Korty" <ajk@iu.edu>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/lib/libpam/modules/pam_ssh Makefile
Message-ID:  <20000307183329.A86723@polynet.lviv.ua>
In-Reply-To: <20000307031141.39FAD1CDE@overcee.netplex.com.au>; from peter@netplex.com.au on Tue, Mar 07, 2000 at 11:11:41AM +0800
References:  <ajk@iu.edu> <20000307031141.39FAD1CDE@overcee.netplex.com.au>

On Tue, Mar 07, 2000 at 11:11:41AM +0800, Peter Wemm wrote:
> "Andrew J. Korty" wrote:
> > 
> > The login program doesn't use the PAM session layer, probably
> > because there is no underlying program running during the session
> > as there is with XDM, so there would be no way to close the PAM
> > session.
> 
> Linux's login program does "hang around" to implement the session stuff.  I'm
> not sure of the details.
> 
> BTW; I suspect there isn't much to stop us making a liblogin (or move the
> login stuff to libutil) and build calls to it directly into telnetd,
> rlogind, rshd, getty, sshd, etc.  We could implement persistent supervisors
> that way. (getty would have to hang around though instead of exec'ing a
> login, but that's no big deal these days considering the majority of
> machines that have lots of logins use telnetd/sshd/xwindows instead of
> physical ttys)

I think that it is an excellent idea; the current level of PAM support seems 
more like a declaration of will than real support. I think that login_cap* 
functions, as well as password expiration checks, should be moved to separate PAM 
modules as well. The login program should be as simple as possible; the rest 
should be done inside the PAM infrastructure.

Unless we are dealing with some sort of pre-authentication, like a Kerberos 
ticket or ssh RSAAuthentication, all the rest should be offloaded from 
programs/servers to PAM. The only question is whether this is a feasible task or 
not.

Regards,


 
> Cheers,
> -Peter
> 

-- 
Adrian Pavlykevych 			email: 		<pam@polynet.lviv.ua>
System Administrator			phone/fax:	+380 (322) 742041
State University "Lvivska Polytechnica"

