Subject: Re: BSD Authentication
To: Peter Seebach <seebs@plethora.net>
From: John Nemeth <jnemeth@victoria.tc.ca>
List: current-users
Date: 09/06/2003 00:06:24

On Jan 18, 12:27pm, Peter Seebach wrote:
} In message <Pine.NEB.4.33.0308281530080.25593-100000@vespasia.home-net.icnt.net
} >, Bill Studenmund writes:
} >Well, kinda. The client has to know what to _do_ with the magic cookie. I
} >sure wouldn't like a system that accepted "cookies" which were pointers
} >into the kernel's address space. :-) Yes, they could be plump strings that
} >get fed to a system call.
} 
} Yeah, but we're assuming that the client, if it wants AFS stuff, knows how
} to deal with it.

     Actually, we're not; but, others have covered this issue in more
detail.

} >I'm sorry, new class of thing. We have environment variables now (I
} >gather), and we're talking about credentials (for the AFS credential
} >cache, but I expect we'd do more than just that if we add a generic
} >credential cache). What about the next class of thing?
} 
} Dunno.  I wouldn't be surprised at all if the right thing to do were to
} update libbsdauth to be able to pass the data from an authenticator safely...
} Yes, this is more work than "we'll just let the authenticator scribble on
} the stack", but it's also *safer*.

     Considering that the client doesn't have any idea what libbsdauth
is doing, how is this any safer than having a PAM module do things
within the client's address space (at least from the client's point of
view)?  Remember, a PAM module is just a shared library, just like
libbsdauth will most likely be.  Actually, for your scenario above to
work, it would have to be a shared library.

} >ENV vars will cover a multitude of cases, this is true.
} 
} The thing is, most of the cases where we don't have major *objections* to
} letting an authenticator do some kind of magic are probably cases where
} we *want* a client to do some work to allow for it.

     No, we don't.  One of the things about PAM is that the client
doesn't need to know anything about the magic being performed.  As far
as the client is concerned, it all works exactly the same no matter what
authentication methods are being used and no matter what needs to be
done to work with them.  If the client does have to know what is going
on in the background, then something is wrong.  That wouldn't be
scalable, since every client would have to be updated when a new
authentication method was invented.

}-- End of excerpt from Peter Seebach