Subject: Re: PAM
To: None <>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: tech-kern
Date: 09/25/2002 17:13:54
>> It means a slight change to your existing AFS code, yes.
> You're saying that it's _slight_.  I strongly disagree.

I haven't seen the code; if you can point me at it, I can offer a more
informed opinion.  But I have trouble believing that it's all that
difficult to use curproc->p_pptr instead of curproc.  (Actually, I
think that if it is, the code is in severe need of a rewrite anyway,
but that's neither here nor there for the immediate point.)

> (AFS was just one example - another is Kerberos, that wants to set an
> environment variable.  Yes, I could pass the environment variable to
> set via any one of a number of message-passing systems, but if I have
> to start teaching the upper layer about each authentication system I
> want to use, then the battle has already been lost, IMHO).

I'd agree with the part after the "but".

I don't agree that setting an environment variable is "teaching the
upper layer about each authentication system"; setting an environment
variable is a sufficiently generic and common thing that it's
reasonable to put a facility for it into the protocol.  (Indeed, one
could argue it would be unresaonable not to.)  Making custom syscalls
isn't, which is why I didn't mention that for AFS - but if you have
custom syscalls, I see no reason why they can't affect whichever
process you want them to.

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B