Date: Tue, 21 Oct 1997 13:42:33 +0930
From: Mike Smith <mike@smith.net.au>
To: Terry Lambert <tlambert@primenet.com>
Cc: dec@phoenix.its.rpi.edu (David E. Cross), freebsd-hackers@FreeBSD.ORG
Subject: Re: FreeBSD authentication...
Message-ID: <199710210412.NAA00457@word.smith.net.au>
In-Reply-To: Your message of "Mon, 20 Oct 1997 18:27:21 GMT." <199710201827.LAA09252@usr05.primenet.com>

> > Is there any interest (should there be) in moving to Pluggable
> > Authentication Modules. (Since they are implemented as shared libraries,
> > that you link in as needed, would we need to rewrite ld.so a bit to ensure
> > that people couldn't set their LD_LIBRARY_PATH, and then run su to get
> > full root access, sans password?)
>
> Have you located a PAM implementation (not necessarily modules, but the
> framework itself) which is under UCB copyright instead of GPL?

The Linux-PAM library is available under a dual (either-or) license.
Again, please see my page at http://www.smith.net.au/~mike. There is a
working and mostly-functional port of a slightly out-of-date version
linked off there, and the Linux-PAM people have been very easy to work
with.

At one point Randy Terbush was attacking the libpwdb code (similarly
licensed), but I haven't heard from him for some time. This module adds
significant and useful functionality, but the code is Bad.

> User authentication is a system critical function, like the kernel;
> it's unlikely that PAM would be any more acceptable than a GPL'ed
> driver if it's critical to system operation.

The problems with PAM and our current model are more related to the
current woolly concept of a "session", particularly associating an
"end" with a "beginning".

mike