
Re: PAM and Kerberos



On Tue, Aug 15, 2000 at 03:54:57PM -0400, Jeffrey Altman wrote:
> > What I'm learning from this thread is that the telnetd/login division
> > of labor may have made sense in 1981, but it doesn't make sense any
> > more today.  With modern security infrastructures, the process which
> > implements the network protocol and the client which manages the
> > host's user login process cannot be completely separate.  Setting up a
> > bidirectional communications channel between telnetd and login may be
> > sufficient, but I suspect combining them would be easier.
> > 
> > 		Marc
> > 
> 
> Marc, you have hit the nail on the head.  What we really need on
> Unix is to replace the file based credentials cache with something 
> else that can be contacted securely by the network process, the login
> process, and the user.

Something like Windows 2000's LSA service and SSPI?

>                   Jeffrey Altman * Sr.Software Designer
>                  The Kermit Project * Columbia University
>                612 West 115th St * New York, NY * 10025 * USA
>      http://www.kermit-project.org/ * kermit-support@kermit-project.org


Nico
--




