Date: Wed, 04 Sep 2013 15:02:21 +0200 From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no> To: Lev Serebryakov <lev@FreeBSD.org> Cc: freebsd-security@FreeBSD.org, Slawa Olhovchenkov <slw@zxy.spb.ru> Subject: Re: OpenSSH, PAM and kerberos Message-ID: <86k3iwrb8i.fsf@nine.des.no> In-Reply-To: <1943226951.20130904142012@serebryakov.spb.ru> (Lev Serebryakov's message of "Wed, 4 Sep 2013 14:20:12 %2B0400") References: <20130902181754.GD3796@zxy.spb.ru> <867geywdfc.fsf@nine.des.no> <20130903083301.GF3796@zxy.spb.ru> <86y57euu8y.fsf@nine.des.no> <20130903093756.GG3796@zxy.spb.ru> <86ppsqutw7.fsf@nine.des.no> <20130903095316.GH3796@zxy.spb.ru> <86li3euovr.fsf@nine.des.no> <20130903115050.GJ3796@zxy.spb.ru> <864na2ujh7.fsf@nine.des.no> <20130903142205.GL3796@zxy.spb.ru> <86mwnuszag.fsf@nine.des.no> <1943226951.20130904142012@serebryakov.spb.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
Lev Serebryakov <lev@FreeBSD.org> writes: > I try to write some short list of requirements to this completely new > solution, where am I wrong? I'm sure, I am, but, where? Thank you. This is a very good list, and very close to what I was thinking. Some items, e.g. (1) and (4), seem blindingly obvious to me, but perhaps not to everybody. Regarding compatibility: support for the legacy getpw* API is an absolute requirement. If we can't achieve that, we can just forget about the whole thing. NSS and PAM compatibility, however, would be on a "best effort" basis. Allowing existing applications to use the new framework through NSS and PAM should be fairly easy. Allowing the new framework to use existing NSS and PAM modules would be hard, and probably not worth the effort if we can provide plugins for the most important backends (LDAP, Kerberos, RADIUS, OATH...) from day one. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86k3iwrb8i.fsf>