[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: new module request: pam_ident



Aleph One writes:
>No. You miss understand. If I telnet into a box and present it with a
>username and password it means either a) I am who I claim I am or b) I've
>had enough control over the network to sniff the password off the wire. If
>b is the case I dont even need to sniff the password I can simply highjack
>the session.

I don't think Andrew misunderstood.  Remember that PAM is *stackable*
authentication; stacking ident on top of user/password authentication
is perfectly reasonable.  It can't, at least, reduce the level of
security.

Furthermore, not all environments are hostile.  Who says that PAM
is only supposed to be used on the big bad Internet?  There are
protected local spaces where a certain amount of trust as a convenience
may be a proper policy.

michaelkjohnson

"Magazines all too frequently lead to books and should be regarded by the
 prudent as the heavy petting of literature."            -- Fran Lebowitz




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []