Date: Fri, 16 Feb 2001 20:18:09 +0000 (GMT) From: Terry Lambert <tlambert@primenet.com> To: rwatson@FreeBSD.ORG (Robert Watson) Cc: dillon@earth.backplane.com (Matt Dillon), Cy.Schubert@uumail.gov.bc.ca (Cy Schubert - ITSD Open Systems Group), des@ofug.org (Dag-Erling Smorgrav), mark@grondar.za (Mark Murray), arch@FreeBSD.ORG Subject: Re: List of things to move from main tree to ports (was Re: Wish List (was: Re: The /usr/bin/games bikeshed again)) Message-ID: <200102162018.NAA07491@usr05.primenet.com> In-Reply-To: <Pine.NEB.3.96L.1010216125203.57795C-100000@fledge.watson.org> from "Robert Watson" at Feb 16, 2001 01:02:27 PM
next in thread | previous in thread | raw e-mail | index | archive | help
> The problem with Kerberos is that it requires substantial integration into
> base system code that is very security-sensitive. If you move KerberosIV
> to a port without some form of integrating it into the base system while
> using base system {telnetd,ftpd,...} then people who do run Kerberos will
> suffer a great deal.
In theory, PAM is supposed to permit programs to deal with this;
many people don't use other than the authentication portion of
PAM, but it seems that the API is there.
It would be worthwhile to abstract this code to the point that
you could plug in Kerberos (or Heimdal), or something else, into
the programs that currently have non-modular Kerberos specific
code.
What you need is a gradual student... er. graduate student.
Terry Lambert
terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200102162018.NAA07491>