[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: XSSO? How to communicate to XSSO/PAM external authentication info?



On Tue, Aug 29, 2000 at 01:33:37PM +1000, Luke Kenneth Casson Leighton wrote:
> a data-transfer protocol's job is not to worry about the details of auth
> etc.

I like that statement.

> consider this: in the light of the existence of secure transports, is it
> in fact pam's job to propose modifications to protocols to provide secure
> alternatives to those protocols?

Well, the PAM+binary prompts system we've been dicussing would NOT
require any protocol mods to any app.

Is tunneling everything the way to go? And how does an app running
inside the tunnel find out about the safety of the tunnel, how the
tunnel client was authenticated and as who?

Doing basic auth (username + cleartext password) over secure tunnels
does not promote signle-sign-on... not unless you use password wallets
(yuk!).

> [the answer might be yes]

I think the question is incorrect. Noone is proposing to modify
protocols with PAM; certainly not me.


> lukes
> 


Nico
--





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []