[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: new module request: pam_ident



Aleph One wrote:
> > Anyone out there want to write a pam_ident module.  It seems that
> > identd is becoming a pretty common daemon to have around.  It might be
> > nice to have some pluggable support for it.
> 
> God help you if you are thinking of relying on something as easy to spoof
> as ident for authentication.

On these grounds, nothing in PAM (as distributed) is worth much over a
network.  All those clear text passwords, rhosts authentication...: we
may as well just go home and forget about it. ;^)

Identd is part of the tcp-wrappers suite it has an RFC of its own and
it is now commonly used by many commercial applications.  Its another
layer: ideal for a module...  And after all PAM _is_ about choice.

But mostly, I'd like to see a simple network-aware PAM written.  A
secure user@host<->user@host authentication module could be created by
someone with little understanding of PAM if there was some simple-to-
understand code available as a reference.

Best wishes

Andrew
-- 
new job - new sig file under construction...



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []