[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: non-interactive authentications...



On Fri, 21 Aug 1998, Savochkin Andrey Vladimirovich wrote:

> My idea is to allow an application to specify what information it can
> provide and what questions it's possible to answer. Then if modules
> are able to perform the authentication using this information and
> asking this questions they do it. If no then the authentication fails.
> 
> Such a scheme allows to implement pluggable authentication for most
> existing applications.
> The traditional interactive applications like login can specify
> that any textual question is valid and use the API clearly too.

The big problem is this is (of course) not PAM. It means that apps written
to this will require your pluggable authentication library and no longer
be able to take advantage of what commercial OS vendors ship. This isn't
necessarily a bad thing, I just feel that trying to make PAM be this
screws over those of us already using PAM to plug modules into a vendor's
software.... suddenly instead of having "one source" I can build for
several platforms there's your PAM, Sun's PAM, HP's PAM, etc..

It wouldn't be so bad if you wanted a "PAM wrapper" API, which still had
the same module interface, but of course that sacrifices most of what
you're trying to accomplish:-(

Agreeing to disagree won't help us either as we'll still be stuck with the
status quo, and that's not all that great. 

-D




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []