a suggestion for improving pkinit preauth plugin token choosing
Simo Sorce
ssorce at redhat.com
Wed May 12 13:40:56 EDT 2010
On Wed, 12 May 2010 10:50:33 -0500
Nicolas Williams <Nicolas.Williams at oracle.com> wrote:
> Second, this is a problem for PAM as well, and there there's no easy
> fix. PAM and gic are the interfaces that we've got, I'm afraid.
> Giving up on doing the best we can with the interface we have because
> we can't get it to be perfect seems wrong to me; taking a detour to
> extend PAM would be wrong as well as that'd be a huge project.
Although fixing PAM is not in scope here, I would hope that the
interface can be chosen in a way that will not make it cumbersome to
use if someone comes up with something better than PAM in the future.
PAM is really a problem and I wouldn't be surprised to see
alternatives cropping out soon.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the krbdev
mailing list