[ On Friday, January 24, 2003 at 09:35:59 (+0200), Alan Barrett wrote: ]
> Subject: Re: integrating PAM
>
> On Thu, 23 Jan 2003, Jason R Thorpe wrote:
> > 
> > with the canonical example being authentication methods (usually
> > Kerberos-based ones, e.g. AFS) which have to push a token into the
> > kernel (AFS, DFS, and Kerberized-NFS need this in order to be able to
> > access your files).
> 
> Whatever syscall pushes tokens into the kernel could be modified to take
> an extra arg saying "do it on behalf of this other process".

Indeed it could -- and in fact from what I could find the last time I
did some research into this, some implementations have already been
fixed to do this properly....

>  But this
> would have interesting security implications.

...and so far as I could tell securely as well.

In fact the arguments about AFS, DFS, and Kerberized-NFS are all
ignoring the fact that their original authorization mechanism was
designed by people who apparently didn't understand the Unix security
model in the least, or who at least didn't care to follow it.  It
doesn't take much reading to discover that other implementers have
already tripped over this problem and there are already other viable
solutions.

-- 
								Greg A. Woods

+1 416 218-0098;            <g.a.woods@ieee.org>;           <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>