Re: BSD Auth

On Tue, Aug 19, 2008 at 05:13:11PM +0900, SODA Noriyuki wrote:
 > > [kerberos]
 > The authentication module of PAM runs inside of the caller's process,
 > so it's possible to change the state of the process.
 > The authentication module of BSD Auth runs as a different process
 > from the caller's process, so it's impossible.

Nonsense. The application process needs to be able to communicate with
the bsdauth process anyway; there's nothing inherent that prevents
such communication from including Kerberos tickets.

Whether bsdauth as it currently exists is actually capable of doing
this properly is another question; but it's also not entirely clear
that PAM as it exists can do this properly either.

David A. Holland

