
Re: Pam and radius



On Fri, 28 Feb 1997, Mark Lillywhite wrote:

> In the absence of seeing the debate which has apparently already happened,
> I am just curious as to why UID/GID is not considered part of the
> authentication? Since for a given session on a Unix system, the user ID and
> group-IDs specify the complete set of operations a user can perform while
> using the system. It would seem to me that PAM's usefulness is quite

Because if you state it this way I can argue that the user home dir and
user shell are also a critical part of authentication. And if it's a ppp
shell, the pppd options are also a critical part of the authentication
process... And so on, we will end up reimplementing UNIX in our own way.
PAM was designed to deal with username/password pairs, and there is still
work that needs to be done to complete the development process. Then we can
consider expanding it, but for now, we have an RFC to implement, a
tremendous amount of feature requests, and we have to finish this first.
 
> log in", another to say "you can log in now", yet another to say "this user
> has just logged in", and another one to say "this user's changing his/her
> auth token" but nothing in the set of operations to say "this is what the
> user can do". After all, the UID/GID set really does define the user's
> permissions in most of the Unix domain.

You see? You fall here into the _application_ domain. A certain
application is dealing with what the user can do, and the application knows
better what is best for it. You cannot simply make things generic and
expect that all the applications will be easy to port to the new abstraction
layer...

Best wishes,
		Cristian Gafton
--
--------------------------------------------------------------------
Cristian Gafton                                    gafton@sorosis.ro
Computers & Communications Center              Network Administrator
http://www.sorosis.ro/~gafton                          Iasi, Romania
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
UNIX is user friendly. It's just selective about who its friends are.


