a suggestion for improving pkinit preauth plugin token choosing
Douglas E. Engert
deengert at anl.gov
Wed May 12 13:59:15 EDT 2010
Simo Sorce wrote:
> On Wed, 12 May 2010 10:50:33 -0500
> Nicolas Williams <Nicolas.Williams at oracle.com> wrote:
>
>> Second, this is a problem for PAM as well, and there there's no easy
>> fix. PAM and gic are the interfaces that we've got, I'm afraid.
>> Giving up on doing the best we can with the interface we have because
>> we can't get it to be perfect seems wrong to me; taking a detour to
>> extend PAM would be wrong as well as that'd be a huge project.
>
> Although fixing PAM is not in scope here, I would hope that the
> interface can be chosen in a way that will not make it cumbersome to
> use if someone comes up with something better than PAM in the future.
>
> PAM is really a problem and I wouldn't be surprised to see
> alternatives cropping out soon.

Is it time to rewrite the PAM standards?

According to:
http://en.wikipedia.org/wiki/Pluggable_Authentication_Modules
PAM came from Sun; X/Open, now the Open Group, further developed
it, and Red Hat had the first Linux-PAM. There is now the XSSO and
OpenPAM too.

This mail list has many of the parties involved...

>
> Simo.
>
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444