Re: PAM and Kerberos

Jeffrey Altman <jaltman@columbia.edu> writes:

>> > What I'm learning from this thread is that the telnetd/login division
>> > of labor may have made sense in 1981, but it doesn't make sense any
>> > more today.  With modern security infrastructures, the process which
>> > implements the network protocol and the client which manages the
>> > host's user login process cannot be completely separate.  Setting up a
>> > bidirectional communications channel between telnetd and login may be
>> > sufficient, but I suspect combining them would be easier.
>> > 
>> > 		Marc
>> > 
>> Marc, you have hit the nail on the head.  What we really need on
>> Unix is to replace the file based credentials cache with something 
>> else that can be contacted securely by the network process, the login
>> process, and the user.

You're putting words in my mouth.  I never said anything about moving
away from a file-based ccache.  I was talking about combining
telnetd and login.


