[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: XSSO? How to communicate to XSSO/PAM external authentication info?



On Sun, Aug 27, 2000 at 02:32:06PM +0200, Ingo Luetkebohle wrote:
> On Sat, Aug 26, 2000 at 11:09:20PM -0400, Nicolas Williams wrote:
> > To summarize: PAM offers authentication, [coarse] authorization, session
> > management, etc... GSS-API only does authentication,
> 
> AAA (authenticiation, authorization and accounting) have been
> traditionally seperated conceptually for various reasons. I have
> always considered it a big source of confusion that PAM combines the
> first two As (and under the name of "authentication" alone, which is
> just plain wrong), but of course, YMMV. Some people like that
> integration, it seems.

I've never heard that AAA should all be separate. Authorization must
follow authentication and why should authorization not take into account
parameters involved in the authentication, such as the identity of the
client, or the level of session security negotiated (if that info is
available). And the Accounting step should definitely have information
from the Authentication and Authorization phases!

And PAM, the API, does AAA, not just AA. The extent of integration of
the three As depends on the underlying PAM modules and the system
administrator.

> -- 
> Ingo Luetkebohle / 21st Century Digital Boy
> 


Nico
--





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []