[15804] in Kerberos_V5_Development
Re: a suggestion for improving pkinit preauth plugin token choosing
daemon@ATHENA.MIT.EDU (Douglas E. Engert)
Wed May 12 13:59:20 2010
Message-ID: <4BEAEC73.4010405@anl.gov>
Date: Wed, 12 May 2010 12:59:15 -0500
From: "Douglas E. Engert" <deengert@anl.gov>
MIME-Version: 1.0
To: Simo Sorce <ssorce@redhat.com>
In-Reply-To: <20100512134056.4a270974@willson.li.ssimo.org>
Cc: krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
Simo Sorce wrote:
> On Wed, 12 May 2010 10:50:33 -0500
> Nicolas Williams <Nicolas.Williams@oracle.com> wrote:
>
>> Second, this is a problem for PAM as well, and there there's no easy
>> fix. PAM and gic are the interfaces that we've got, I'm afraid.
>> Giving up on doing the best we can with the interface we have because
>> we can't get it to be perfect seems wrong to me; taking a detour to
>> extend PAM would be wrong as well as that'd be a huge project.
>
> Although fixing PAM is not in scope here, I would hope that the
> interface can be chosen in a way that will not make it cumbersome to
> use if someone comes up with something better than PAM in the future.
>
> PAM is really a problem and I wouldn't be surprised to see
> alternatives cropping out soon.
Is it time to rewrite the PAM standards?
According to:
http://en.wikipedia.org/wiki/Pluggable_Authentication_Modules
PAM came from Sun, X/OPen now the Open Group further developed
it and Red Hat had the first Linux-PAM. There is now the XSSO and
OpenPAM too.
This mail list has many of parties involved...
>
> Simo.
>
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev