Date: Wed, 30 May 2001 01:36:25 -0700 From: Terry Lambert <tlambert2@mindspring.com> To: Sheldon Hearn <sheldonh@starjuice.net> Cc: Mark Murray <mark@grondar.za>, arch@FreeBSD.ORG Subject: Re: PAM, S/Key and authentication schemes. Message-ID: <3B14B109.C08F1970@mindspring.com> References: <89661.990794824@axl.fw.uunet.co.za>
next in thread | previous in thread | raw e-mail | index | archive | help
Sheldon Hearn wrote: > On Fri, 25 May 2001 14:42:40 +0200, Mark Murray wrote: > > I have already tested this on my home cluster with su(1) (I just > > made su a PAM-only thing), and this makes the code a whole lot > > simpler. Simpler code == safer code. > > I think that the real win here is that we come out with a > FreeBSD that uses a flexible authentication management system > that requires once-off learning that can then be applied to > the configuration of policies for multiple tools. > > Of course there are other benefits. One is the ease of > implementation of new authentication schemes that, once > deployed, are immediately available in all the appropraite > tools). > > I think where you're going with this is excellent. What's > your anticipated time frame for getting what we have today > rationalized? We talked to the Sun guy who came up with PAM at the last FreeBSD user's group meeting, in Foster City, CA, last month. The PAM API, as it currently sits, is incapable of correctly supporting Kerberos, and several other authentication schemes. Apparently, the only way to fix this is to change the PAM API. -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3B14B109.C08F1970>