[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Source code for Pam'd applications



> The question is whether the clients would be able to grok it. The FTP
> protocol is quite inflexible, and many implementations are even less
> flexible.

  Then they should be able to tell PAM what they can, and cannot, do.
How can you make security decisions if you don't know which security
policy is supported in your applications?

  This could be partially solved by having the application return a
new error: PAM_METHOD_UNSUPPORTED.  That would at least have the
benefit that the module would get some information about what was
happening, instead of having it's PAM_TEXT_INFO messages being dropped
into a black hole.

  A security system which fails without returning an error is
seriously broken, and untrustworthy.

  Alan DeKok.



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []