From owner-freebsd-arch  Fri Feb 16 12:18:26 2001
Delivered-To: freebsd-arch@freebsd.org
Received: from smtp10.phx.gblx.net (smtp10.phx.gblx.net [206.165.6.140])
	by hub.freebsd.org (Postfix) with ESMTP
	id 88E0F37B491; Fri, 16 Feb 2001 12:18:22 -0800 (PST)
Received: (from daemon@localhost)
	by smtp10.phx.gblx.net (8.9.3/8.9.3) id NAA63960;
	Fri, 16 Feb 2001 13:17:52 -0700
Received: from usr05.primenet.com(206.165.6.205)
 via SMTP by smtp10.phx.gblx.net, id smtpdiYNkMa; Fri Feb 16 13:17:44 2001
Received: (from tlambert@localhost)
	by usr05.primenet.com (8.8.5/8.8.5) id NAA07491;
	Fri, 16 Feb 2001 13:18:09 -0700 (MST)
From: Terry Lambert <tlambert@primenet.com>
Message-Id: <200102162018.NAA07491@usr05.primenet.com>
Subject: Re: List of things to move from main tree to ports (was Re: Wish List (was: Re: The /usr/bin/games bikeshed again))
To: rwatson@FreeBSD.ORG (Robert Watson)
Date: Fri, 16 Feb 2001 20:18:09 +0000 (GMT)
Cc: dillon@earth.backplane.com (Matt Dillon),
	Cy.Schubert@uumail.gov.bc.ca (Cy Schubert - ITSD Open Systems Group),
	des@ofug.org (Dag-Erling Smorgrav), mark@grondar.za (Mark Murray),
	arch@FreeBSD.ORG
In-Reply-To: <Pine.NEB.3.96L.1010216125203.57795C-100000@fledge.watson.org> from "Robert Watson" at Feb 16, 2001 01:02:27 PM
X-Mailer: ELM [version 2.5 PL2]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> The problem with Kerberos is that it requires substantial integration into
> base system code that is very security-sensitive.  If you move KerberosIV
> to a port without some form of integrating it into the base system while
> using base system {telnetd,ftpd,...} then people who do run Kerberos will
> suffer a great deal.

In theory, PAM is supposed to permit programs to deal with this;
many people don't use other than the authentication portion of
PAM, but it seems that the API is there.

It would be worthwhile to abstract this code to the point that
you could plug in Kerberos (or Heimdal), or something else, into
the programs that currently have non-modular Kerberos specific
code.

What you need is a gradual student... er. graduate student.


					Terry Lambert
					terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message