[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: comments on binary prompts

From: Nicolas Williams <Nicolas Williams ubsw com>
To: pam-list redhat com
Subject: Re: comments on binary prompts
Date: Wed, 16 May 2001 10:25:58 -0400

On Tue, May 15, 2001 at 10:29:09PM -0400, Sam Hartman wrote:
> >>>>> "Andrew" == Andrew Morgan <morgan@transmeta.com> writes:

>     >> [...]  I think PAM binary prompts could be used as a simple API
>     >> wrapper around SASL/GSS-API/Kerberos/..., but apps using PAM
>     >> this way might need to know the token types so as to, for
>     >> example, be able to further format them as needed by the
>     >> protocol spoken by the app, or to be able to respond
>     >> appropriately to prompts whose token type cannot be used by the
>     >> app, either because the protocols it speaks don't specify how
>     >> to use certain token types, or because the app has negotiated a
>     >> network authentication protocol to use with the remote side and
>     >> so on... Also, to be truly useful as a simple wrapper around
>     >> those complex APIs, PAM would have to provide a way for the app
>     >> to communicate with the modules.

^^^ That was me, not Andrew Morgan.

> Where would you use SASL over PAM or GSSAPI over PAM?  Why would it be
> a good idea?

I *think*, but am not convinced, that PAM, with some extra glue, can be
a simpler API to do SASL/GSS/Kerberos with. Think, GSS-API has some
60-some-odd calls. Compare to PAM.

Cheers,

Nico
--

References:
- Re: comments on binary prompts
  - From: Andrew Morgan <morgan@transmeta.com>
- Re: comments on binary prompts
  - From: Sam Hartman <hartmans@MIT.EDU>

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index] []