From owner-freebsd-arch  Fri May 25  5:47:53 2001
Delivered-To: freebsd-arch@freebsd.org
Received: from lists01.iafrica.com (lists01.iafrica.com [196.7.0.141])
	by hub.freebsd.org (Postfix) with ESMTP id 37F3E37B422
	for <arch@freebsd.org>; Fri, 25 May 2001 05:47:49 -0700 (PDT)
	(envelope-from sheldonh@uunet.co.za)
Received: from nwl.fw.uunet.co.za ([196.31.2.162])
	by lists01.iafrica.com with esmtp (Exim 3.12 #2)
	id 153H0L-00050e-00; Fri, 25 May 2001 14:47:45 +0200
Received: (from nobody@localhost) by nwl.fw.uunet.co.za (8.8.8/8.6.9) id OAA28301; Fri, 25 May 2001 14:47:44 +0200 (SAST)
Received: by nwl.fw.uunet.co.za via recvmail id 28118; Fri May 25 14:47:04 2001
Received: from sheldonh (helo=axl.fw.uunet.co.za)
	by axl.fw.uunet.co.za with local-esmtp (Exim 3.22 #1)
	id 153Gzg-000NKA-00; Fri, 25 May 2001 14:47:04 +0200
From: Sheldon Hearn <sheldonh@starjuice.net>
To: Mark Murray <mark@grondar.za>
Cc: arch@freebsd.org
Subject: Re: PAM, S/Key and authentication schemes. 
In-reply-to: Your message of "Fri, 25 May 2001 14:42:40 +0200."
             <200105251240.f4PCeO612402@gratis.grondar.za> 
Date: Fri, 25 May 2001 14:47:04 +0200
Message-ID: <89661.990794824@axl.fw.uunet.co.za>
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-arch.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-arch>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-arch>
X-Loop: FreeBSD.ORG



On Fri, 25 May 2001 14:42:40 +0200, Mark Murray wrote:

> I have already tested this on my home cluster with su(1) (I just
> made su a PAM-only thing), and this makes the code a whole lot
> simpler. Simpler code == safer code.

I think that the real win here is that we come out with a FreeBSD that
uses a flexible authentication management system that requires once-off
learning that can then be applied to the configuration of policies for
multiple tools.

Of course there are other benefits.  One is the ease of implementation
of new authentication schemes that, once deployed, are immediately
available in all the appropraite tools).

I think where you're going with this is excellent.  What's your
anticipated time frame for getting what we have today rationalized?

Ciao,
Sheldon.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message