
Towards support for S/Key



A common source of security problems is often that each service uses
its own protocol and code for authentication (ftpd, telnetd, rlogind,
login, popd, ...).  Besides the inconsistent user interface, this also
introduces many opportunities for security holes.  This holds in
particular for public domain software, for which there is no
centralised code management.

As we are integrating all these packages into one high quality
distribution, I think that this point is worth our attention.
Separating authentication code into one library would offer the
following benefits:
- consistent interface for all utilities
- more security (at least if the library itself is also properly
  protected)
- it becomes much easier to plug in alternative authentication
  methods, e.g. S/Key.
BTW: a similar thing has been done with the readline library (I'm not
sure about this, but at least I have noticed that ftp has command line
editing).

On the other hand, I don't think that this modularity is easily
achieved, as it interferes with many packages.  Perhaps more
debian-knowledgeable people can add their comments?
--
Patrick Weemeeuw, network manager
K.U.Leuven, KULeuvenNet, currently at the Dept. of Computer Science
	Celestijnenlaan 200 A, B-3001 Leuven, Belgium
Tel: +32 16 327635 Fax: +32 16 327996
E-mail: patrick.weemeeuw@kulnet.kuleuven.ac.be
PGP key: ftp://ftp.kulnet.kuleuven.ac.be/pub/people/patrick/pgpkey.asc

