Date: Fri, 13 Nov 1998 15:58:07 -0500 (EST) From: Robert Watson <robert@cyrus.watson.org> To: Mark Murray <mark@grondar.za> Cc: ark@eltex.ru, cschuber@uumail.gov.bc.ca, oortiz@LCSI.COM, freebsd-security@FreeBSD.ORG Subject: Re: Intruder Lockout Message-ID: <Pine.BSF.3.96.981113155557.16788A-100000@fledge.watson.org> In-Reply-To: <199811132050.WAA29529@greenpeace.grondar.za>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 13 Nov 1998, Mark Murray wrote: > > Kerberos is a big problem itself: you have to kerberize _everything_ > > that is even harder than SSLeay'ing it.. > > Ahah! > > PAM is in the wings. PAM is not much of a problem. In the beginning, > maybe a PITA, but once its done, your security strategy is kinda > easy ;-). Mark, My understanding has always been that PAM is only good for talking to humans, and cannot be used to make things like kerberized ftp or kerberized imap any easier to write. That is, that it essentially performs a set of challenges/responses intended for humans and is not easily adaptable for server-server communication or unattended communication in secure protocols. Is this interpretation correct? (Not having it under BSD, I haven't had much opportunity to use it). Robert N Watson Carnegie Mellon University http://www.cmu.edu/ TIS Labs at Network Associates, Inc. http://www.tis.com/ SafePort Network Services http://www.safeport.com/ robert@fledge.watson.org http://www.watson.org/~robert/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.981113155557.16788A-100000>