Date: Thu, 13 Mar 1997 22:43:51 +1030 (CST) From: Michael Smith <msmith@atrad.adelaide.edu.au> To: abial@korin.warman.org.pl (Andrzej Bialecki) Cc: sef@Kithrup.COM, freebsd-hackers@FreeBSD.ORG Subject: Re: SecurID authentication Message-ID: <199703131213.WAA05280@genesis.atrad.adelaide.edu.au> In-Reply-To: <Pine.NEB.3.95.970313121630.4339G-100000@korin.warman.org.pl> from Andrzej Bialecki at "Mar 13, 97 12:31:19 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
Andrzej Bialecki stands accused of saying: > > As far as I know, this support isn't complete yet. Specifically, there > don't exist /usr/libexec/login_* modules yet. So, for now this isn't an > option. Maybe some day somebody will write or port the missing pieces... > > Correct me, please, if I'm wrong. No, you're very close. The work on the current login.conf stuff has effectively been stopped (uness someone is doing something I haven't heard about). Sean and David N. were trying to keep compatability with BSD/OS, but BSDi have, yet again, changed their implementation, so there's nothing to be "compatible" with. > On the same subject: as I perceive it, there are quite a few options of > doing authentication in FreeBSD, this way or the other, and some > mysterious hooks to nonexistent pieces of code. Some people prefer > login.conf, and others try to port the PAM modules. IMHO, this subject > lacks overall coordination... and perhaps some efforts are spent on > implementing mutually exlusive architectures... > > Andy, David and I and a local ISP have been corresponding on this a little; all of us are busy, but are of the opinion that the PAM architecture, warts and all, is the best general-purpose approach available. As I've previously mentioned, it's used by Sun, the CDE, HP and our friends at RedHat, so it's not some orphan half-thought-out idea. There exist already a substantial number of modules and a lot of sample source for module implementors; IMHO it is the best strategic choice. -- ]] Mike Smith, Software Engineer msmith@gsoft.com.au [[ ]] Genesis Software genesis@gsoft.com.au [[ ]] High-speed data acquisition and (GSM mobile) 0411-222-496 [[ ]] realtime instrument control. (ph) +61-8-8267-3493 [[ ]] Unix hardware collector. "Where are your PEZ?" The Tick [[
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199703131213.WAA05280>