Re: BSD Auth

To: NetBSD Security Discussion List <tech-security%NetBSD.org@localhost>
Subject: Re: BSD Auth
From: David Holland <dholland-security%netbsd.org@localhost>
Date: Wed, 20 Aug 2008 01:07:07 +0000

On Tue, Aug 19, 2008 at 05:13:11PM +0900, SODA Noriyuki wrote:
 > > [kerberos]
 > The authentication module of PAM runs inside of the caller's process,
 > so it's possible to change the state of the process.
 > The authentication module of BSD Auth runs as a differnet process
 > from the caller's process, so it's impossible.

Nonsense. The application process needs to be able to communicate with
the bsdauth process anyway; there's nothing inherent that prevents
such communication from including Kerberos tickets.

Whether bsdauth as it currently exists is actually capable of doing
this properly is another question; but it's also not entirely clear
that PAM as it exists can do this properly either.

-- 
David A. Holland
dholland%netbsd.org@localhost

Follow-Ups:
- Re: BSD Auth
  - From: Greg A. Woods; Planix, Inc.

References:
- Re: BSD Auth
  - From: Greg A. Woods; Planix, Inc.
- Re: BSD Auth
  - From: SODA Noriyuki
- Re: BSD Auth
  - From: Greg A. Woods; Planix, Inc.
- Re: BSD Auth
  - From: SODA Noriyuki

Prev by Date: Re: BSD Auth
Next by Date: Re: BSD Auth
Previous by Thread: Re: BSD Auth
Next by Thread: Re: BSD Auth
Indexes:

Home | Main Index | Thread Index | Old Index