[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: adding RADIUS to pam

Andrew said:
> But.  By exporting source code, can I be sure _I_ am not taking
> responsibility for not breaking the bit about "does not allow for
> encryption of data"?

  As shipped, the code does not allow for encryption of user data.

>  I cannot see where the ITAR rules make allowance
> for the export of source code that does any flavor of reversible
> encryption.  This is why I want to hear a lawyer say one way or the
> other.

  To be pedantic, seeing a lawyer won't help.  If it *is* illegal to
export, then saying "my lawyer told me it was OK!" is no legal excuse.

  Try this:

# strings /lib/libpwdb.so | grep rad_authenticate

  You'll see that rad_authenticate is in libpwdb.  RedHat ships
libpwdb with all of their systems, includes the source on their
CDROMs, ships those CDROMs out of the country, and puts the source on
their public FTP site.

  libpwdb is available elsewhere on-line:


  The code is already out there, and already exported from the US by
many people. (Livingston, Cryptocard, sunsite, RedHat, Merit, etc.)
Companies with more money for lawyers than you or I can afford seem to
think it's OK.

  I'm not sure what else I can say.  If you don't want to include
RADIUS authentication in PAM, that's your call.

  Alan DeKok.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []