Date: Fri, 17 Jul 1998 15:49:25 -0700 (MST) From: "Chad R. Larson" <chad@freebie.dcfinc.com> To: wes@softweyr.com (Wes Peters) Cc: chad@dcfinc.com, freebsd-stable@FreeBSD.ORG Subject: Re: Finger and getpwent Message-ID: <199807172249.PAA03916@freebie.dcfinc.com> In-Reply-To: <199807170000.SAA18215@obie.softweyr.com> from Wes Peters at "Jul 16, 98 06:00:58 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
> Chad Larson recommended: > > The model that make sense to me is the SysVr4 Service Access Controller > > (SAC). From a security standpoint, there were way too many different > > ways to get a "login" prompt from the system. The telnet daemon, the > > rlogin daemon, FTP, the regular login, the UUCP service, etc. So now > > there is only one process that issues "login", and every thing else goes > > through it. That gives a single point to install authentication and > > access control. > > > > The other band-aids grew up, in my opinion, as people who didn't have > > source to their systems tried to fix things up. We FreeBSDers have the > > facilities to implement a global solution similar to the SysVr4 one. > > Hopefully without the horrible over-complexity of SAF and SAC, though. > When you have 'keys' that are so complex you have to write another > command just to generate the keys for you, something has gone horribly > wrong with your design. I agree with that, which is why I used the term "model". I wouldn't suggest a re-implementation of SAF, but fixing all the various current access means to route through a common point makes sense to me. > Wes Peters Softweyr LLC > http://www.softweyr.com/~softweyr wes@softweyr.com -crl -- Chad R. Larson (CRL22) Brother, can you paradigm? 602-953-1392 chad@dcfinc.com chad@anasazi.com larson1@home.com DCF, Inc. - 14623 North 49th Place, Scottsdale, Arizona 85254 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199807172249.PAA03916>