[15812] in Kerberos_V5_Development

home help back first fref pref prev next nref lref last post

Re: a suggestion for improving pkinit preauth plugin token choosing

daemon@ATHENA.MIT.EDU (Nicolas Williams)
Wed May 12 16:50:43 2010

Date: Wed, 12 May 2010 15:49:39 -0500
From: Nicolas Williams <Nicolas.Williams@oracle.com>
To: Simo Sorce <ssorce@redhat.com>
Message-ID: <20100512204939.GP9429@oracle.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <20100512145842.36cfee6c@willson.li.ssimo.org>
Cc: krbdev@mit.edu, "Douglas E. Engert" <deengert@anl.gov>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu

On Wed, May 12, 2010 at 02:58:42PM -0400, Simo Sorce wrote:
> On Wed, 12 May 2010 12:59:15 -0500
> "Douglas E. Engert" <deengert@anl.gov> wrote:
> > Is it time to rewrite the PAM standards?
> 
> Certainly my desktop pals would like me to try to. :-)

We should try to not throw the baby out with the bath water.  I can
think of a number of enhancements to PAM that would address many/most of
its API/SPI problems while remaining backwards compatible with existing
PAM apps and modules.

Nico
-- 
_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev

home help back first fref pref prev next nref lref last post