Subject: Re: BSD Auth for NetBSD
To: Jason Thorpe <thorpej@wasabisystems.com>
From: Greg A. Woods <woods@weird.com>
List: tech-userlevel
Date: 09/13/2003 13:23:02
[ On Saturday, September 13, 2003 at 00:07:49 (-0700), Jason Thorpe wrote: ]
> Subject: Re: BSD auth for AFS
>
> But you've over-simplified the problem. Sure, you're suggesting a
> solution for this *one specific case*. But you are NOT solving the
> general problem, which is that BSD Auth is fundamentally incapable of
> modifying the context of the process requesting the authentication,
> which is a capability that is sometimes necessary and which PAM has.
I've not solved the problem because I don't want to. In fact by
definition and by design I _must_ NOT sovle that problem. It really is
a feature of BSD Auth to force the authenticator to run in a separate
context. It's a "VERY Good Thing(tm)"! Solving that problem would take
away the major distinguishing feature of BSD Auth (and the one I believe
primarily responsible for it being so clean, simple, small, and elegant).
Besides, anything that must be done to the caller's process context (or
address space), _can_ be done, _but_ it MUST be done in a controlled way
by proxy of the BSD Auth interface. That's the whole idea.
--
Greg A. Woods
+1 416 218-0098 VE3TCP RoboHack <woods@robohack.ca>
Planix, Inc. <woods@planix.com> Secrets of the Weird <woods@weird.com>