Subject: Re: PAM
To: Bill Studenmund <firstname.lastname@example.org>
From: Dan Melomedman <email@example.com>
Date: 09/25/2002 14:39:51
> See above. Some auth methods have steps that have to happen after you get
> the OK/FAIL knowledge, to fully make use of the system. For AFS, you load
> tokens. For Kerberos, you set an environment variable to point to the
> ticket file.
Kerberos would work just fine with an exec chain design. And I am still
not sure why AFS wouldn't. You simply modify process state through
environment, then executed job would do its thing.
> > Could it be those systems need a redesign for simplicity's sake?
> You want to redesign them just so they fit into one particular
> authentication model? They work fine now, and have worked for over ten
> years. That sounds like putting the cart before the horse.
I didn't say that. However, I would hate to see AFS brokenness result in
a broken authentication system design.