a suggestion for improving pkinit preauth plugin token choosing

[Nicolas Williams]

On Wed, May 12, 2010 at 02:58:42PM -0400, Simo Sorce wrote:
> On Wed, 12 May 2010 12:59:15 -0500
> "Douglas E. Engert" <deengert at anl.gov> wrote:
> > Is it time to rewrite the PAM standards?
> 
> Certainly my desktop pals would like me to try to. :-)

We should try to not throw the baby out with the bath water.  I can
think of a number of enhancements to PAM that would address many/most of
its API/SPI problems while remaining backwards compatible with existing
PAM apps and modules.

Nico
--