From owner-freebsd-hackers  Tue Nov 17 17:53:18 1998
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id RAA00480
          for freebsd-hackers-outgoing; Tue, 17 Nov 1998 17:53:18 -0800 (PST)
          (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from mailhub.ainet.com (mailhub.ainet.com [204.30.40.29])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id RAA00475;
          Tue, 17 Nov 1998 17:53:16 -0800 (PST)
          (envelope-from jmscott@ainet.com)
Received: from shell.ainet.com (jmscott@shell.ainet.com [204.30.40.108])
	by mailhub.ainet.com (8.9.1/8.9.1) with SMTP id RAA10841;
	Tue, 17 Nov 1998 17:52:43 -0800 (PST)
Received: from localhost by shell.ainet.com (4.1/SMI-4.1)
	id AA04116; for freebsd-security@FreeBSD.ORG; Tue, 17 Nov 98 17:54:29 PST
Date: Tue, 17 Nov 1998 17:54:29 -0800 (PST)
From: "Joseph M. Scott" <jmscott@ainet.com>
To: Robert Watson <robert+freebsd@cyrus.watson.org>
Cc: Mikael Karpberg <karpen@ocean.campus.luth.se>,
        William McVey <wam@sa.fedex.com>, hackers@FreeBSD.ORG,
        freebsd-security@FreeBSD.ORG
Subject: Re: Would this make FreeBSD more secure?
In-Reply-To: <Pine.BSF.3.96.981117165526.26891A-100000@fledge.watson.org>
Message-Id: <Pine.GSU.4.05.9811171752310.29073-100000@www.ainet.com>
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG



> 
> It might be nice to just have a file system socket any process can bind to
> that mediates access to the authentication system.  On the one side of the
> socket is any client attempting to authenticate a user (possibly using PAM
> as the API, and then some record based protocol over the socket), and on
> the other side is Mr Auth Server that listens on the socket, accepts
> connections, and is a place where throttling of attempts could be
> performed.  Similarly, it could take advantage of the SCM_AUTH (or
> whatever) uid/gid passing to authenticate the processes on the other side.
> 
> 
>   Robert N Watson 
> 

	Correct me if I'm wrong but this sounds similar to the way that
radius works.  The backend logging of radius would need to be changed, but
I wouldn't think that to be too much of a problem.

Joseph Scott
jmscott@ainet.com


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message