Date: Sat, 17 Feb 2001 09:54:34 -0600
From: "Jacques A. Vidrine" <n@nectar.com>
To: Robert Watson <rwatson@FreeBSD.ORG>
Cc: arch@FreeBSD.ORG
Subject: Re: Summary of List of things to move from main tree to ports
Message-ID: <20010217095434.A37535@spawn.nectar.com>
In-Reply-To: <Pine.NEB.3.96L.1010217102030.59690I-100000@fledge.watson.org>; from rwatson@FreeBSD.ORG on Sat, Feb 17, 2001 at 10:22:56AM -0500
References: <20010217085622.A37238@spawn.nectar.com> <Pine.NEB.3.96L.1010217102030.59690I-100000@fledge.watson.org>

On Sat, Feb 17, 2001 at 10:22:56AM -0500, Robert Watson wrote:
> On Sat, 17 Feb 2001, Jacques A. Vidrine wrote:
>
> > PAM does not and cannot provide the same functionality as the Kerberos
> > API, GSS-API or SASL. PAM is targeted at interactive authentication --
> > give it a username and password, and return yes/no indicating
> > authentication success or failure [1]. Once authentication is done, PAM
> > is no longer involved (except for a possible clean-up when we log out --
> > though this is commonly not implemented).
>
> Generally speaking, I agree with your statements on the relationships
> between GSS-API, SASL, PAM, et al, except with regards to your summary of
> PAM. There are actually additional things that PAM can be involved in,
> including the setup and tear-down of sessions, login authorization,
> management of local credentials, and accounting.

I think we are in violent agreement -- I elided the details in order to
concentrate on the main point, which is a misconception that PAM could
somehow provide GSS-API-like functionality: data integrity and privacy.
This is outside the scope of PAM, just as much of what PAM does do is
outside the scope of GSS-API and Kerberos.

I'm repeating myself. :-)

Cheers,
--
Jacques Vidrine / n@nectar.com / jvidrine@verio.net / nectar@FreeBSD.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message