[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: PAM and Kerberos

> What I'm learning from this thread is that the telnetd/login division
> of labor may have made sense in 1981, but it doesn't make sense any
> more today.  With modern security infrastructures, the process which
> implements the network protocol and the client which manages the
> host's user login process cannot be completely separate.  Setting up a
> bidirectional communications channel between telnetd and login may be
> sufficient, but I suspect combining them would be easier.
> 		Marc

Marc, you have hit the nail on the head.  What we really need on
Unix is to replace the file based credentials cache with something 
else that can be contacted securely by the network process, the login
process, and the user.

                  Jeffrey Altman * Sr.Software Designer
                 The Kermit Project * Columbia University
               612 West 115th St * New York, NY * 10025 * USA
     http://www.kermit-project.org/ * kermit-support@kermit-project.org

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []