[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: The Open Group's PAM



> > The last time I was able to see their spec, the "Open" Group's PAM is
> > exactly that of Solaris.  (SunSoft contributed their source.) [I use
> > the quotes here because all interaction by members of this list and
> > that group has been mediated by the engineers at Sun -- all of whom,
> > incidentally, have since stopped working on PAM.]
> 
> 	I guess I'm a little confused. Have they stopped working on the
> spec but yet are still using it, or have they abandoned the whole thing
> completely? I know CDE makes a prominent point about it being PAM
> enabled. What does the future hold?

The two people at Sun that I was in contact with that were working on
PAM were Charlie who left the unix security group to work on JAVA and
Vipin who left Sun for a better job at SGI.

I do not _know_ of anyone else that is working on PAM.

Your questions are good ones.  I can only speculate about the
answers.  My feeling is that the XSSO concept is something that is
needed to fully realize the potential of PAM.  However, I have no
evidence that there is any movement on defining an API to match the
lofty ideas mapped out in the XSSO document.

The development of Linux-PAM has been rapid and was easy when what to
implement was clearly written for us in the original PAM RFC.  At this
point all of that code has been implemented.  The focus has now
shifted to support features that are needed to make PAM useful (based
on feedback from developers and users).  The guiding principle here is
to break nothing of the original model, but to only enhance it.

The sad part of this is that there is no method by which we can
discuss these changes with other implementers of PAM.  This makes me
worried, but not unduely so.  The reality is that the Linux userbase
is growing and "commercial" companies are starting to see the value of
free software (Netscape comes to mind).  So it is not inconceivable
that Linux-PAM could be adopted by vendors as their "official"
version.

If no evidence of development on PAM from the UNIX vendors
materializes by the time we have implemented binary prompts and the
recently proposed "support for event driven programming".  I am very
tempted to start writing RFC's myself...  Linux-PAM would then be a
"model implementation".

Cheers

Andrew



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []