Subject: Re: PAM
To: Bill Studenmund <current-users@netbsd.org>
From: Dan Melomedman <dan%dan.dan@devonit.com>
List: current-users
Date: 09/25/2002 14:39:51
> See above. Some auth methods have steps that have to happen after you get
> the OK/FAIL knowledge, to fully make use of the system. For AFS, you load
> tokens. For Kerberos, you set an environment variable to point to the
> ticket file.

Kerberos would work just fine with an exec chain design. And I am still
not sure why AFS wouldn't. You simply modify process state through the
environment, then the executed job would do its thing.

> > Could it be those systems need a redesign for simplicity's sake?
> 
> You want to redesign them just so they fit into one particular
> authentication model? They work fine now, and have worked for over ten
> years. That sounds like putting the cart before the horse.

I didn't say that. However, I would hate to see AFS brokenness result in
a broken authentication system design.
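
The exec-chain idea discussed in this message, as an added example that is not part of the original post or of any NetBSD code: an authentication link that, on success, publishes its post-auth state through the environment and execs the next program. Assumptions: the variable name KRB5CCNAME, the ticket path, the hard-coded credential check and the names verify, chain_link and demo are all constructed for illustration.

```c
/* Added example (not from the thread): one link of an exec-chain login. */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed stand-in for the real credential check. */
static int verify(const char *user, const char *pass) {
    return strcmp(user, "alice") == 0 && strcmp(pass, "correct horse") == 0;
}

/* Chain link: on success, pass post-auth state through a minimal, explicit
 * environment and exec the next program; on failure the job never runs. */
static void chain_link(const char *user, const char *pass,
                       const char *ccache, char *const next_argv[]) {
    char var[256];
    char *envp[] = { "PATH=/bin:/usr/bin", var, NULL };

    if (!verify(user, pass))
        _exit(1);                       /* rejected */
    if (snprintf(var, sizeof var, "KRB5CCNAME=%s", ccache) >= (int)sizeof var)
        _exit(111);                     /* value would be truncated */
    execve(next_argv[0], next_argv, envp);
    _exit(111);                         /* exec itself failed */
}

/* Demo harness: fork, run the link, return the final exit status
 * (0 = job saw the variable, 1 = rejected, 2 = variable missing). */
int demo(const char *pass) {
    char *job[] = { "/bin/sh", "-c",
        "[ \"$KRB5CCNAME\" = FILE:/tmp/krb5cc_demo ] || exit 2", NULL };
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0)
        chain_link("alice", pass, "FILE:/tmp/krb5cc_demo", job);
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    printf("good=%d bad=%d\n", demo("correct horse"), demo("wrong"));
    return 0;
}
```

Building the environment explicitly, rather than inheriting the caller's, means the executed job sees only the variables the authentication link chose to set.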