a suggestion for improving pkinit preauth plugin token choosing

Douglas E. Engert deengert at anl.gov
Wed May 12 13:59:15 EDT 2010

Simo Sorce wrote:
> On Wed, 12 May 2010 10:50:33 -0500
> Nicolas Williams <Nicolas.Williams at oracle.com> wrote:
>> Second, this is a problem for PAM as well, and there there's no easy
>> fix.  PAM and gic are the interfaces that we've got, I'm afraid.
>> Giving up on doing the best we can with the interface we have because
>> we can't get it to be perfect seems wrong to me; taking a detour to
>> extend PAM would be wrong as well as that'd be a huge project.
> Although fixing PAM is not in scope here, I would hope that the
> interface can be chosen in a way that will not make it cumbersome to
> use if someone comes up with something better than PAM in the future.
> PAM is really a problem and I wouldn't be surprised to see
> alternatives cropping out soon.

Is it time to rewrite the PAM standards?

According to:
PAM came from Sun, X/OPen now the Open Group further developed
it and Red Hat had the first Linux-PAM. There is now the XSSO and
OpenPAM too.

This mail list has many of parties involved...

> Simo.


  Douglas E. Engert  <DEEngert at anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444

More information about the krbdev mailing list