From owner-freebsd-hackers  Wed Mar 11 07:24:02 1998
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id HAA23313
          for freebsd-hackers-outgoing; Wed, 11 Mar 1998 07:24:02 -0800 (PST)
          (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from terra.Sarnoff.COM (terra.sarnoff.com [130.33.11.203])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id HAA23222
          for <hackers@FreeBSD.ORG>; Wed, 11 Mar 1998 07:23:47 -0800 (PST)
          (envelope-from rminnich@Sarnoff.COM)
Received: (from rminnich@localhost) by terra.Sarnoff.COM (8.6.12/8.6.12) id KAA19137; Wed, 11 Mar 1998 10:23:13 -0500
Date: Wed, 11 Mar 1998 10:23:13 -0500 (EST)
From: "Ron G. Minnich" <rminnich@Sarnoff.COM>
X-Sender: rminnich@terra
To: hackers@FreeBSD.ORG
Subject: Re: PAM? 
In-Reply-To: <199803110152.RAA21109@dingo.cdrom.com>
Message-ID: <Pine.SUN.3.91.980311102112.16182K-100000@terra>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG



On Tue, 10 Mar 1998, Mike Smith wrote:
> If you are using a platform where SecurID's server side is supported, 
> you'd be well advised to consider it.  S/Key and OPIE are other 
> candidates worth looking at.

OPIE is neat save for a few things: 

information is stored in a way that requires root access, and suid 
programs, and ... 

you can get deadlocks due to the fact that the /etc/opiekeys file is 
locked during an authentication operation. 

i need an authentication mechanism that requires no root access by the 
programs, and that will not deadlock. any candidates? 

ron

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message