[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: userid and groups questions



"Scott Rachels" <srachels@ibm.net> writes:

> tvaughan@aventail.com wrote:
> >
> > Which means in order to compromise an identity, all I have to do is
> > compromise the last authentication module.
> >
> Isn't that the way it is today? Any module CAN set the user id by just
> ignoring the current userid and asking the conversation for a new user id.
> So potentially the last  module CAN set the userid different from any
> earlier module's userid. Is this correct, or am I missing something?

This is correct. What I am saying is that for the truely paranoid there
should be some way to enforce that one and only one identiy be used by all
authentication modules.

-Tom

-- 
Tom Vaughan <tvaughan at aventail dot com>


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []