[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: userid and groups questions



----- Original Message -----
From: <tvaughan@aventail.com>
To: <pam-list@redhat.com>
Sent: Thursday, September 23, 1999 12:43 PM
Subject: Re: userid and groups questions


> "Scott Rachels" <srachels@ibm.net> writes:
>
> > tvaughan@aventail.com wrote:
> > >
> > > Which means in order to compromise an identity, all I have to do is
> > > compromise the last authentication module.
> > >
> > Isn't that the way it is today? Any module CAN set the user id by just
> > ignoring the current userid and asking the conversation for a new user
id.
> > So potentially the last  module CAN set the userid different from any
> > earlier module's userid. Is this correct, or am I missing something?
>
> This is correct. What I am saying is that for the truely paranoid there
> should be some way to enforce that one and only one identiy be used by all
> authentication modules.
>
Yes, I agree. I guess right now the admin/installer must know if a module
will use the userid used from the previous module or will ignore it. BTW: I
think someone is watching me!




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []