Date: Fri, 08 Jun 2001 00:41:41 -0700 From: Terry Lambert <tlambert2@mindspring.com> To: Robert Watson <rwatson@FreeBSD.ORG> Cc: "Jacques A. Vidrine" <n@nectar.com>, Sheldon Hearn <sheldonh@starjuice.net>, Mark Murray <mark@grondar.za>, arch@FreeBSD.ORG Subject: Re: PAM, S/Key and authentication schemes. Message-ID: <3B2081B5.579A9888@mindspring.com> References: <Pine.NEB.3.96L.1010603093217.46871k-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Robert Watson wrote: [ ... PAM API ... ] > PAM is recognizably not perfect, but as Terry points out, > creating the "perfect modular authentication, authorization, > accounting, and credential-management API" is not a trivial > task. In general, I'd strongly oppose efforts to simply > hack up a replacement unless they were seriously thought > through, and experimented with over an extended period of > time in extremely diverse environments. My main fear was that they were going to go to PAM, and since PAM is completely inadequate for anything Kerberos, break Kerberous and similar systems completely and irrevokably. The point is that you can't just "go to PAM for everything" and "simplify the world". If they wanted to hack up a superset of PAM that could embrace both PAM and Kerberos, I wouldn't object, but it looks like Sun is ducking that issue for now, themselves, and that it's probably a pretty hard target. -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3B2081B5.579A9888>