Subject: Re: PAM
To: None <firstname.lastname@example.org>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
Date: 09/25/2002 17:13:54
>> It means a slight change to your existing AFS code, yes.
> You're saying that it's _slight_. I strongly disagree.
I haven't seen the code; if you can point me at it, I can offer a more
informed opinion. But I have trouble believing that it's all that
difficult to use curproc->p_pptr instead of curproc. (Actually, I
think that if it is, the code is in severe need of a rewrite anyway,
but that's neither here nor there for the immediate point.)
> (AFS was just one example - another is Kerberos, that wants to set an
> environment variable. Yes, I could pass the environment variable to
> set via any one of a number of message-passing systems, but if I have
> to start teaching the upper layer about each authentication system I
> want to use, then the battle has already been lost, IMHO).
I'd agree with the part after the "but".
I don't agree that setting an environment variable is "teaching the
upper layer about each authentication system"; setting an environment
variable is a sufficiently generic and common thing that it's
reasonable to put a facility for it into the protocol. (Indeed, one
could argue it would be unresaonable not to.) Making custom syscalls
isn't, which is why I didn't mention that for AFS - but if you have
custom syscalls, I see no reason why they can't affect whichever
process you want them to.
/~\ The ASCII der Mouse
\ / Ribbon Campaign
X Against HTML email@example.com
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B