Date: Sun, 15 Aug 1999 17:50:49 -0700 (PDT) From: Kris Kennaway <kris@hub.freebsd.org> To: Dave Walton <walton@nordicrecords.com> Cc: freebsd-hackers@freebsd.org Subject: Re: Whither makefiles for src/crypto/telnet/* ? Message-ID: <Pine.BSF.4.10.9908151716440.45940-100000@hub.freebsd.org> In-Reply-To: <19990815235019.26474.qmail@modgud.nordicrecords.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 15 Aug 1999, Dave Walton wrote: > > Ideally, things like SRP, SRA, CHAP, PAP, etc, > > should be available as plugins to client/server apps, so we don't have to > > make separate patches to telnet/telnetd, ftp/ftpd, etc, for all of the > > authentication protocols-of-the-day. > > I thought that the purpose of PAM was to do just that, at least for > the server side (telnetd, ftpd, etc). Am I mistaken? PAM manages the interaction between a server and a backend - e.g. a passwd file, a RADIUS server or a kerberos ticket server. An application says to PAM "this guy is claiming to be this user, go and authenticate him and tell me whether you succeed". This is fine - PAM should definitely be used for SRP authentication - but it doesn't specify the format of the authentication exchange back with the client. That should (my working hypothesis) be done via SASL (Simple Authentication and Security Layer), for which there are internet drafts about operation with telnet and other protocols, but I really haven't thought about the murky details of implementation yet. Kris To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.9908151716440.45940-100000>