[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: XSSO? How to communicate to XSSO/PAM external authentication info?

On Fri, Aug 25, 2000 at 09:53:13PM -0400, Nicolas Williams wrote:
>     - pam_gss would probably be first in the auth stack and would issue
>       a binary prompt asking ftpd to negotiate for GSS-API

Trouble is, RFC 2228 mandates that its the *client* that suggests
which auth protocol to use and the server is supposed to know which
auth protocols it can support. I don't see how that can be made to
work with PAM's current prompting mechanism.

Even in protocols like IMAP, where the client has to give the server
some control by issueing a CAPABILITY request, the server has to know
which authentication protocols it can support *before* actual
negotiation takes place. Similiar problem.

---Ingo Luetkebohle / 21st Century Digital Boy

its easy to stop using Perl: I do it after every project

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []