[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: PAM, When?



On Tue, 27 Oct 1998, Luke Howard wrote:

> 
> Luke,
> 
> Excuse me for being the voice of reason :-)

go ahead!
 
> It sounds like you're suggesting that PAM subsume the functionality of the
> GSS-API and SASL (for network-based authentication) and the NSS (for
> acquiring account information).

such things exist, and are available now, for linux?

> > 1) PAM security negotiation to be abstracted from PAM itself.
> >  take the
> > example of the SMB protocol for NT5: SMBnegprot request now has an
> > "EXTENDED_SECURITY" capabilities flag.  if set and the server responds
> > that it supports it, the session goes into "abstracted
> > security" mode.
> 
> You're sure Microsoft aren't using a SASL mechanism here? I know they are

what's a SASL mechanism?

> > 2) an extension to PAM to obtain user information and group
> > information,
> > abstracted sufficiently so that you no longer have to store
> > /etc/group or
> > any other authentication information on local machines _at all_.
> 
> Sure, but the only reason I can think of to do this would be to deal with
> identities other than an integer UID and GID set (such as an NT5 PAC) --

such as SIDs, too.



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []