Subject: Re: PAM
To: Dan Melomedman <email@example.com>
From: Jim Wise <firstname.lastname@example.org>
Date: 09/25/2002 15:22:24
-----BEGIN PGP SIGNED MESSAGE-----
On Wed, 25 Sep 2002, Dan Melomedman wrote:
>Jaromir Dolecek wrote:
>> Dan Melomedman wrote:
>> > Kerberos would work just fine with an exec chain design. And I am still
>> > not sure why AFS wouldn't. You simply modify process state through
>> > environment, then executed job would do its thing.
>> Nobody is going to rewrite all programs needing authentication to do
>> exec chain. That's just not realistic. And I seriously doubt code
>> using exec chain would be sanely maintainable.
>Why? /usr/bin/login writing username/password pair to a known file
>descriptor and fork/execing an authenticating process is somehow
>convoluted or not straight-forward? Unmaintainable? Hardly so.
Wow. You only log into your system using /usr/bin/login? Cool.
Many other people want the ability to compile authentication into a wide
range of existing programs. Can you explain to use how an apache module
could use exec chaining for authentication?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (NetBSD)
-----END PGP SIGNATURE-----