From owner-freebsd-arch  Sat Feb 17  7:23:41 2001
Delivered-To: freebsd-arch@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by hub.freebsd.org (Postfix) with ESMTP id B650D37B401
	for <arch@FreeBSD.ORG>; Sat, 17 Feb 2001 07:23:38 -0800 (PST)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3])
	by fledge.watson.org (8.11.1/8.11.1) with SMTP id f1HFMuh72494;
	Sat, 17 Feb 2001 10:22:57 -0500 (EST)
	(envelope-from robert@fledge.watson.org)
Date: Sat, 17 Feb 2001 10:22:56 -0500 (EST)
From: Robert Watson <rwatson@FreeBSD.ORG>
X-Sender: robert@fledge.watson.org
To: "Jacques A. Vidrine" <n@nectar.com>
Cc: Matt Dillon <dillon@earth.backplane.com>,
	Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>,
	Dag-Erling Smorgrav <des@ofug.org>, Mark Murray <mark@grondar.za>,
	arch@FreeBSD.ORG
Subject: Re: Summary of List of things to move from main tree to ports
In-Reply-To: <20010217085622.A37238@spawn.nectar.com>
Message-ID: <Pine.NEB.3.96L.1010217102030.59690I-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sat, 17 Feb 2001, Jacques A. Vidrine wrote:

> PAM does not and cannot provide the same functionality as the Kerberos
> API, GSS-API or SASL.  PAM is targetted at interactive authentication --
> give it a username and password, and return yes/no indicating
> authentication success or failure [1].  Once authentication is done, PAM
> is no longer involved (except for a possible clean-up when we log out --
> though this is commonly not implemented). 

Generally speaking, I agree with your statements on the relationships
between GSS-API, SASL, PAM, et al, except with regards to your summary of
PAM.  There are actually additional things that PAM can be involved in,
including the setup and tear-down of sessions, login authorization,
management of local credentials, and accounting.  That said, we don't do
most of these with PAM {yet, right now}, but we should be moving in that
direction.  Especially given that our pam manpage claims that we do :-).

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message