Subject: Re: RFC: migration to a fully dynamically linked system
To: None <tech-userlevel@netbsd.org>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: tech-userlevel
Date: 12/30/2001 22:17:23
> To authenticate a user you would need some of these things:
> 1) username
> 2) password
> 3) some form of domain or other name
> 4) ???

4) A channel (file descriptor, callback pointer, whatever) to generate
output and collect further input (such as challenges and responses, or
interaction suitable for zero-knowledge demonstrations of identity).

> In return applications could get back:
> 1) valid/invalid, expired password, expired account, etc etc.
> 2) other data, like being instructed to set an environmental variable to
>    some specific value.
> 3) perhaps an opaque cookie
> 4) ???

At a minimum, the UID, primary GID, and list of auxiliary GIDs!

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse@rodents.montreal.qc.ca
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
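
Added example, not part of the original message or of any NetBSD code: a hypothetical C interface combining the inputs and outputs discussed above, with the channel as a conversation callback and the UID, primary GID and auxiliary GIDs in the result. All names (auth_request, auth_conv_fn, auth_authenticate, conv_fixed) and the sample account are assumptions constructed for illustration.

```c
/* Added sketch: every name here is hypothetical, not an existing NetBSD API. */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

#define AUTH_MAXGROUPS 16
enum auth_status { AUTH_OK, AUTH_INVALID, AUTH_EXPIRED_PASSWORD, AUTH_EXPIRED_ACCOUNT };
/* Input 4: the channel the backend uses to emit prompts and collect replies. */
typedef int (*auth_conv_fn)(void *ctx, const char *prompt, char *reply, size_t len);
struct auth_request {
    const char *username, *domain;   /* domain may be NULL */
    auth_conv_fn conv;               /* carries password, challenge, response */
    void *conv_ctx;
};
struct auth_result {                 /* status plus the credentials to assume */
    enum auth_status status;
    uid_t uid;
    gid_t gid, groups[AUTH_MAXGROUPS];
    int ngroups;
};

/* Constructed sample channel: answers every prompt with the string in ctx. */
int conv_fixed(void *ctx, const char *prompt, char *reply, size_t len)
{
    (void)prompt;
    snprintf(reply, len, "%s", (const char *)ctx);
    return 0;
}

/* Toy backend, one constructed account: "alice", challenge 7+5, answer "12". */
int auth_authenticate(const struct auth_request *req, struct auth_result *res)
{
    char reply[64] = "";
    memset(res, 0, sizeof(*res));
    res->status = AUTH_INVALID;
    if (req->username == NULL || req->conv == NULL)
        return -1;                   /* caller error, distinct from a failed login */
    /* Challenge unknown users too, so the dialogue does not reveal valid names. */
    if (req->conv(req->conv_ctx, "challenge: 7+5 = ", reply, sizeof(reply)) != 0)
        return 0;
    if (strcmp(req->username, "alice") != 0 || strcmp(reply, "12") != 0)
        return 0;
    res->status = AUTH_OK;
    res->uid = 1000;
    res->gid = 100;
    res->groups[res->ngroups++] = 100;
    res->groups[res->ngroups++] = 20;
    return 0;
}
```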