[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: PAM and Kerberos



> Jeffrey Altman <jaltman@columbia.edu> writes:
> 
> >> > What I'm learning from this thread is that the telnetd/login division
> >> > of labor may have made sense in 1981, but it doesn't make sense any
> >> > more today.  With modern security infrastructures, the process which
> >> > implements the network protocol and the client which manages the
> >> > host's user login process cannot be completely separate.  Setting up a
> >> > bidirectional communications channel between telnetd and login may be
> >> > sufficient, but I suspect combining them would be easier.
> >> > 
> >> > 		Marc
> >> > 
> >> 
> >> Marc, you have hit the nail on the head.  What we really need on
> >> Unix is to replace the file based credentials cache with something 
> >> else that can be contacted securely by the network process, the login
> >> process, and the user.
> 
> You're putting words in my mouth.  I never said anything about moving
> away from a a file-based ccache.  I was talking about combining
> telnetd and login.

Sorry, I thought you were refering to the additional desire to have
the process requests for service tickets be redirected to the telnet
client when the cache hit fails.




                  Jeffrey Altman * Sr.Software Designer
                 The Kermit Project * Columbia University
               612 West 115th St * New York, NY * 10025 * USA
     http://www.kermit-project.org/ * kermit-support@kermit-project.org






[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []