
RE: XSSO? How to communicate to XSSO/PAM external authentication info?



A module could be written that would tell ftpd (or telnetd for that matter)
what authentication methods are available.  Alas, the ftp or telnetd client
only chooses one out of the list, so we would have to be content with that.
(Actually with telnetd we could continue with some text based
authentication methods).

I also thought that another module could be written that would specify the
encryption types that are permitted.  A later module would then check to
make sure that the connection is indeed encrypted.

> -----Original Message-----
> From:	Ingo Luetkebohle [SMTP:ingo@blank.pages.de]
> Sent:	Saturday, August 26, 2000 5:29 AM
> To:	pam-list@redhat.com
> Subject:	Re: XSSO? How to communicate to XSSO/PAM external
> authentication info?
> 
> On Fri, Aug 25, 2000 at 09:53:13PM -0400, Nicolas Williams wrote:
> >     - pam_gss would probably be first in the auth stack and would issue
> >       a binary prompt asking ftpd to negotiate for GSS-API
> 
> Trouble is, RFC 2228 mandates that it's the *client* that suggests
> which auth protocol to use and the server is supposed to know which
> auth protocols it can support. I don't see how that can be made to
> work with PAM's current prompting mechanism.
> 
> Even in protocols like IMAP, where the client has to give the server
> some control by issuing a CAPABILITY request, the server has to know
> which authentication protocols it can support *before* actual
> negotiation takes place. Similar problem.
> 
> ---Ingo Luetkebohle / 21st Century Digital Boy
> 
> its easy to stop using Perl: I do it after every project




