
Re: non-interactive authentications...



On Fri, 21 Aug 1998, Raul Miller wrote:

> > It wouldn't be so bad if you wanted a "PAM wrapper" API, which still
> > had the same module interface, but of course that sacrifices most of
> > what you're trying to accomplish:-(
> 
> Let's grant that a "PAM wrapper" API, perhaps supplied by those of you
> who are already using PAM to plug modules into a vendor's software, is
> an option.  An option which would require a bit of engineering, but 
> not unworkable.
> 
> Are you then implying that there's some better option?

It depends what you want. If you want the ability for an application to
tell a module system what it can and can't do, then a PAM wrapper system
won't work very well. You'll need a module registry which keeps track of
what modules are compatible with what application needs. You'll need a
hardcoded list of "this module can be used for e.g. APOP" and push that
info back to the application so it knows whether it is allowed to offer
APOP, for instance. 

And of course you need to find a way to do this without interfering with
module operation in "vendor" applications, assuming you wish to keep
compatibility. I'm not saying there's a better way. What I'm saying is
there's no good way.

-D



