From owner-freebsd-hackers  Wed Mar 11 13:33:08 1998
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id NAA14795
          for freebsd-hackers-outgoing; Wed, 11 Mar 1998 13:33:08 -0800 (PST)
          (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from fledge.watson.org (root@FLEDGE.RES.CMU.EDU [128.2.91.116])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id NAA14749
          for <hackers@FreeBSD.ORG>; Wed, 11 Mar 1998 13:32:54 -0800 (PST)
          (envelope-from robert@cyrus.watson.org)
Received: from trojanhorse.pr.watson.org (trojanhorse.pr.watson.org [192.0.2.10]) by fledge.watson.org (8.8.8/8.6.10) with SMTP id QAA13928; Wed, 11 Mar 1998 16:32:36 -0500 (EST)
Date: Wed, 11 Mar 1998 16:32:22 -0500 (EST)
From: Robert Watson <robert@cyrus.watson.org>
X-Sender: robert@trojanhorse.pr.watson.org
Reply-To: Robert Watson <robert+freebsd@cyrus.watson.org>
To: Mike Smith <mike@smith.net.au>
cc: "Ron G. Minnich" <rminnich@Sarnoff.COM>, hackers@FreeBSD.ORG
Subject: Re: PAM? 
In-Reply-To: <199803111909.LAA23996@dingo.cdrom.com>
Message-ID: <Pine.BSF.3.96.980311162943.18866K-100000@trojanhorse.pr.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Wed, 11 Mar 1998, Mike Smith wrote:

> > i need an authentication mechanism that requires no root access by the 
> > programs, and that will not deadlock. any candidates? 
> 
> NIS?

Kerberos! :)  Sorry, personal bias here.  Still wondering about a long
term authentication solution.  A few weeks ago I posted about possibly
starting an alternative authentication system mailing list on the -hackets
list, and it was received well (I received a number of responses
indicating people would join if created).  Once I have my IETF drafts in
for the week (deadline Friday) maybe I will put together a possible
charter for such a mailing list.  Certainly, FreeBSD should be looking at
the POSIX ACLs and capabilities.  I'm not sure I'd use them myself (they
seem a little too single-system-centric to me) but having support in the
OS can go a long way.  I understand that Linux has them implemented at
this point.

  Robert N Watson 

Carnegie Mellon University http://www.cmu.edu/
SafePort Network Services  http://www.safeport.com/
robert@fledge.watson.org   http://www.watson.org/~robert/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message