On Sun, 15 Aug 1999, Dave Walton wrote:
> > Ideally, things like SRP, SRA, CHAP, PAP, etc,
> > should be available as plugins to client/server apps, so we don't have to
> > make separate patches to telnet/telnetd, ftp/ftpd, etc, for all of the
> > authentication protocols-of-the-day.
>
> I thought that the purpose of PAM was to do just that, at least for
> the server side (telnetd, ftpd, etc). Am I mistaken?

PAM manages the interaction between a server and a backend - e.g. a passwd
file, a RADIUS server or a Kerberos ticket server. An application says to
PAM "this guy is claiming to be this user, go and authenticate him and
tell me whether you succeed".

This is fine - PAM should definitely be used for SRP authentication - but
it doesn't specify the format of the authentication exchange back with the
client. That should (my working hypothesis) be done via SASL (Simple
Authentication and Security Layer), for which there are internet drafts
about operation with telnet and other protocols, but I really haven't
thought about the murky details of implementation yet.

Kris
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message