Re: first draft of a new PAM RFC


I think it is a very good idea to have client-side agents
for PAM. It not only provides for binary packet exchanges,
but will also be useful while implementing single sign-on
of users.

I also have a couple of comments to make:

One is that the choice of the agent should be configurable
just like the choice of modules, and should not be hardcoded
in the client application.

The agents can also be stacked, i.e. if one agent fails to
return the binary data back to the client and fails with a
PAMC_CONTROL_FAIL, another agent can possibly take
over automatically depending on the configuration.



>>> Andrew Morgan <morgan@transmeta.com> 08/11 9:07 PM >>>

For those that are interested, I've been writing a PAM RFC to
supersede the original one.  This RFC contains a description of how
binary prompts (will) work and will hopefully provide a standard for
client <-> server authentication.


I've posted this revision of the draft to the IETF draft site
(www.ietf.org). In the meantime, if you have any comments +
suggestions, want your name on the document etc., email me or this



